last executing test programs: 1m2.439542274s ago: executing program 1 (id=222): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/fua\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000380)=""/172, 0xac) 1m2.299528956s ago: executing program 1 (id=224): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000002400)='/sys/devices/virtual/mtd/mtd0/mtdblock0/ro\x00', 0x20000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sysfs$auto(0x2, 0x10000000000002a, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) getdents$auto(r0, &(0x7f0000000100)={0x800, 0x6, 0x3, "694e35b9d41e181fcace6c00f28fdeb373a62873d9b2445d6f402374b30e6d89639b814a9306349576d6d59f6aa6b148bf30c1824e5867e9fbda6ba5356a05656ee3ab77904f800377786443351f953c2c3fc10af304b60e61b4f2ed74a3a55bcbf31611f6cea89dcd64277a4843d59dfc3b29c22050a0363c8d6d764d909a5620ee11fee823ee520398b761473fbe3adb79722e16dd4cc19af5ab19ec35df6439f000381eb1fb0176d6aa8de2d080e629f53833d92f7752d4d9755f42a330d234a94ae0e43636d168e6c6b277019f60d59732699fe3ec"}, 0x4c3) close_range$auto(0x2, 0x8, 0xffffffff) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x3c, r2, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0xc, 0x0, 0x1, [@nested={0x4, 0x3}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x50}, 0xc800) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a0005000700000000000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000000)=ANY=[@ANYRES16=0x0, @ANYBLOB="01007050a7f82fc634b10f00003460fac93497d76d"], 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x2) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4002, 0x4}, 0x77, 0xfffffffc, 0x0, 0x62bd) madvise$auto(0x110c234000, 0x1, 0x9) r3 = socket(0x10, 0x2, 0x0) madvise$auto(0x80000001, 0x101, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdef) select$auto(0x5, &(0x7f0000000080)={[0x20000009, 0xfffffffffffbfffc, 0x9, 0x5, 0xc, 0x3, 0x3, 0x1ffe000, 0x2, 0x2, 0x9, 0xf, 0xa657, 0x202, 0x6, 0x1]}, 0x0, 0x0, 0x0) setfsuid$auto(0x1) unshare$auto(0x40000080) madvise$auto(0x0, 0x20200, 0x15) 1m0.643887493s ago: executing program 1 (id=231): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x8000) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x4, 0x4}, {0x700, 0x83}}, 0x0) 1m0.297217859s ago: executing program 1 (id=234): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x9, 0x42, 0x13, 0xc3f) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x3ff) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) lseek$auto(0xffffffffffffffff, 0xacb, 0x7) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = prctl$auto(0x45, 0x17, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/de\xe5\xec\x9c\xbe\xeb\xaf\x87X/2\xa6id-\x1av/audis1\x00\xe2\x1d|\xb0\'%\xb9\xe2Te\xd9nOl\xf2\xdd0\x04\xb62\x8e\x8dtB\xaaOs\x04+\xbdu\xeb\x93v<$\x93\xf3\b2\xc7\xb5\'\xc0S\x84\x1eo\xba\x12\x86\xf7\x91\xf5\x1e\x03v7\xdc\xd0\fT\x17\xf8\xbbdU\x02\x99R\x15J\xb50\x9e\xcad\a\x97\xd5\x12\x8c\xe8\x04y\xd0j\xc8\x8b\xa9)\xbbb\xbf\xc2\xdd\xd4T?\xbe\xf8z\xd0\xbd\x12\xdf\\\x1d|T\xd6\xeb\"Z\x99&\xd3\x1d\x99kY\xb5M\x05\xd8\x11\xd3\xec\xfe\xc8U', 0xa3d9) unshare$auto(0x40000080) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x27, 0x2, 0x3ea6) fcntl$auto(0x0, 0x0, 0x8001) r3 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x88c01, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r3, 0x4018bc13, &(0x7f00000005c0)={0x0, 0x9d, 0x720, [0x0]}) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000040)=0x0) connect$auto(r2, &(0x7f0000000240)=@nfc={0x27, r4, 0xffffffffffffffff, 0x3}, 0xb49e) r5 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r5, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3}) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) setresgid$auto(0x0, 0xee01, 0xffffffffffffffff) r6 = getegid() ioctl$auto_XFS_IOC_SWAPEXT(r0, 0xc0c0586d, &(0x7f0000000180)={0x4, @raw=0x4, @inferred=r1, 0x3c, 0x3, '\x00', {0x4, 0xff, 0xa, 0x0, r6, 0x5, 0x7, 0x9, {0x4, 0x5}, {0x40, 0x169}, {0x6, 0x6}, 0x0, 0x40, 0x7fffffff, 0x40, 0x5, 0x7fe, 0x8, 0x5, 0x8, 0x81, '\x00', 0x5, 0x1, 0x8, 0x100}}) setregid$auto(r6, r6) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x100e42, 0x0) ioctl$auto_SG_GET_REQUEST_TABLE(r7, 0x2286, 0x0) 58.295622955s ago: executing program 1 (id=239): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000005c0), 0xffffffffffffffff) socket(0x10, 0x2, 0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r4, &(0x7f0000004100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x4000000) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)={0x20, r1, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_PRIVACY={0x4}]}, 0x20}, 0x1, 0x3e7}, 0x4000000) 58.076348728s ago: executing program 1 (id=242): syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f40)={'batadv0\x00'}) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000003c0)) setsockopt$auto(r1, 0xac, 0xfe, 0x0, 0x200056b) r2 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x80006, 0x9, 0x6, 0x40eb1, r0, 0x300000000002) setsockopt$auto_SO_MAX_PACING_RATE(0xffffffffffffffff, 0x3, 0x2f, &(0x7f0000000300)='\xba\xf13\xa4o\xd3\xd2\xe0v\x95\xe6mAk\x90\xa1\xfd\xb0\xe1\xa6W\x85py\x91Q\xe7\xc9\x05\xce\x17\xe6<0e\x12\xe8/\x16\xf0\xd2\xe5\x06[\vFb\xd6\xc0sTv*\xa6\x97\xb4\xcf\xc8d^\xb1\x7f\xeeH\xd2\xa8\xeb\xad\xdfw\xad\x1e\xcf\x13\xd2\xbbh\xb7\xb1\xa2\x14\xbe=Q\xf3\xd6\x85\x8as\x04\x93\x8c3\n\x9e\xcc\xbdP\x89\xee\xa8\x82\x03\x97\xe6^\x85#\x11T\x8dE\xba\nF\xc2\xe2\x06k\xf0~\xa3\x86h\xc2\xb8\xcfk\x1f', 0x4) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r3 = pidfd_open$auto(0x0, 0x81) setns(r3, 0x20000000) socket(0x6, 0x5, 0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', 0x0) ptrace$auto(0x4206, r2, 0x0, 0x5) capget$auto(0x0, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(r2, 0x100000000, 0x0, 0x0, 0x0, 0x8000000000000000) symlink$auto(0x0, &(0x7f0000000000)='\'--[[\x14+\\\x00') r4 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/apparmor/exec\x00', 0x200, 0x0) read$auto_proc_pid_attr_operations_base(r4, 0x0, 0x0) socket(0x25, 0x3, 0xa) mmap$auto(0x2, 0x2000c, 0xdf, 0xfffffffffffffff8, 0x401, 0x7ffd) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) 42.705505009s ago: executing program 32 (id=242): syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f40)={'batadv0\x00'}) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000003c0)) setsockopt$auto(r1, 0xac, 0xfe, 0x0, 0x200056b) r2 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x80006, 0x9, 0x6, 0x40eb1, r0, 0x300000000002) setsockopt$auto_SO_MAX_PACING_RATE(0xffffffffffffffff, 0x3, 0x2f, &(0x7f0000000300)='\xba\xf13\xa4o\xd3\xd2\xe0v\x95\xe6mAk\x90\xa1\xfd\xb0\xe1\xa6W\x85py\x91Q\xe7\xc9\x05\xce\x17\xe6<0e\x12\xe8/\x16\xf0\xd2\xe5\x06[\vFb\xd6\xc0sTv*\xa6\x97\xb4\xcf\xc8d^\xb1\x7f\xeeH\xd2\xa8\xeb\xad\xdfw\xad\x1e\xcf\x13\xd2\xbbh\xb7\xb1\xa2\x14\xbe=Q\xf3\xd6\x85\x8as\x04\x93\x8c3\n\x9e\xcc\xbdP\x89\xee\xa8\x82\x03\x97\xe6^\x85#\x11T\x8dE\xba\nF\xc2\xe2\x06k\xf0~\xa3\x86h\xc2\xb8\xcfk\x1f', 0x4) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r3 = pidfd_open$auto(0x0, 0x81) setns(r3, 0x20000000) socket(0x6, 0x5, 0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', 0x0) ptrace$auto(0x4206, r2, 0x0, 0x5) capget$auto(0x0, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(r2, 0x100000000, 0x0, 0x0, 0x0, 0x8000000000000000) symlink$auto(0x0, &(0x7f0000000000)='\'--[[\x14+\\\x00') r4 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/apparmor/exec\x00', 0x200, 0x0) read$auto_proc_pid_attr_operations_base(r4, 0x0, 0x0) socket(0x25, 0x3, 0xa) mmap$auto(0x2, 0x2000c, 0xdf, 0xfffffffffffffff8, 0x401, 0x7ffd) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) 5.24916783s ago: executing program 3 (id=407): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8003) r0 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x3a5481, 0x0) r1 = openat$auto_dfs_sched_itmt_fops_itmt(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim1/fib/fail_route_delete\x00', 0x30000, 0x0) r2 = fcntl$auto(0x2, 0x407, 0x80000001) close_range$auto(r0, r1, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) r3 = socket(0x11, 0x2, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r4, @ANYRES32], 0x18}}, 0x80) r6 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r2) sendmsg$auto_NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000400000000000000250100000009000500fb0c0000080001008500000008000a00aae50000"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim0/ieee80211/phy0/rfkill2/hard\x00', 0x2600, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f00000000c0)=""/228, 0xe4) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) dup2$auto(0x5, 0x4) vmsplice$auto(0x4, &(0x7f0000000040)={0x0, 0x80000000002}, 0x3, 0x4) get_robust_list$auto(0x0, 0x0, 0x0) semtimedop$auto(0x8000, 0x0, 0x3e, 0x0) 4.626689729s ago: executing program 3 (id=409): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x9, 0x42, 0x13, 0xc3f) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x3ff) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) lseek$auto(0xffffffffffffffff, 0xacb, 0x7) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) 4.246268462s ago: executing program 3 (id=412): close_range$auto(0x2, 0x8, 0x0) 3.811427126s ago: executing program 3 (id=415): syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/system/node/node1/distance\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0xa4e2, 0xeb2, 0xfffffffffffffffb, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001080)=""/98, 0x62) exit$auto(0x10001) keyctl$auto(0xb, 0xfffffffd, 0x7, 0xfffffffffff00003, 0x6) 3.75560458s ago: executing program 4 (id=416): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000001100), r1) sendmsg$auto_CTRL_CMD_GETFAMILY(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="01002dbd7000ffdbdf25030000000600010030"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20000044) (async) r3 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), r1) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x60641, 0x0) write$auto_proc_gid_map_operations_base(r4, &(0x7f0000000380)='}x', 0x2) (async) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x18, r3, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@THERMAL_GENL_ATTR_TZ={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4004001}, 0x4000010) (async) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x2c, r3, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [@THERMAL_GENL_ATTR_TZ_TRIP_TEMP={0x8, 0x7, 0x6}, @THERMAL_GENL_ATTR_TZ_TRIP_TEMP={0x8}, @THERMAL_GENL_ATTR_TZ_MODE={0x8, 0x9, 0x40}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4080}, 0x20000044) (async) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="5b0000006ab9fd4182d2953f876b69ecf406736e5444a7935a121848c16790980dab90dc32ac9550754c32e205718faa53ed08f4349a28a70000000000000000", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fedbdf250100000008000a000800000005000700580000000600020005000000080009009c781e0308001800fd7f00000800190000800000"], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) 3.403647244s ago: executing program 4 (id=417): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) msgctl$auto_MSG_STAT(0x4d65, 0xb, &(0x7f0000000180)={{0x1, 0xee00, 0xffffffffffffffff, 0x6, 0x1, 0x2, 0x4}, &(0x7f0000000040)=0x6, &(0x7f0000000140)=0x2, 0x7, 0x8, 0x2, 0x6, 0x8, 0x5, 0xa0, 0x6, @raw=0x7, @inferred=0xffffffffffffffff}) prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) r3 = getegid() setregid$auto(r3, r3) r4 = prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x2d, 0x2, 0x8000000000000000, 0x0) r5 = getegid() ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred=0xffffffffffffffff, 0x1, 0x1, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d", @inferred=0x0}, 0x2, 0x5, 0x4, @raw, @integer={0x100000000000007, 0x5, 0x1}, "7adec199a16a2311eacf2fc7ae6e9858eeb78db8d04fdd73340238d212b6debe0eda71bdd709254592b67f9ca1adb17884a16f7ce8cbce0bb32791702b8d7c38"}) rt_sigqueueinfo$auto(r6, 0x7e, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x41, 0x7e73, @_sigfault={0x0, @_perf={0xc, 0x40009, 0x9}}}}) r7 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r7, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) ioctl$auto_XFS_IOC_SWAPEXT(r4, 0xc0c0586d, &(0x7f0000000180)={0x7, @raw=0x4, @inferred=r4, 0x3c, 0x3, '\x00', {0x4, 0xff, 0xa, 0x0, r5, 0x8, 0x7, 0x9, {0x4, 0x5}, {0x40, 0x169}, {0x6, 0x6}, 0x0, 0x60, 0x7fffffff, 0x40, 0x5, 0x800, 0x8, 0x5, 0x7, 0x81, '\x00', 0x5, 0x1, 0x8, 0x100}}) setregid$auto(r5, r5) setresgid$auto(r2, r3, r5) r8 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) statmount$auto(&(0x7f0000000340)={0x4, @raw=0x5, 0x1, 0x3, 0x6}, &(0x7f0000000380)={0x1, 0x5b75, 0x5, 0x5, 0xfffffff1, 0x6, 0x2007, 0x9, 0x3, 0xb, 0x9, 0xdc00000, 0x7, 0x5, 0x208, 0x2, 0xffffffffffffffff, 0xc, 0x7, 0x3, 0x7f, 0x7, 0x10000, 0x0, 0x404, 0xfffffffe, 0x6, 0x3, 0x5, 0x89, 0x73c6, [0x9, 0x9, 0x9, 0x6, 0xd3, 0x27, 0x991, 0xa4, 0xfffffffffffffffb, 0x5, 0xc8, 0xda9a, 0x714, 0x80, 0x8, 0x1, 0xba, 0x785, 0xfffffffffffffff8, 0xa, 0xd4, 0x8000000000000000, 0x80000001, 0xf3, 0x2, 0x0, 0x0, 0x100000001, 0x1, 0x101, 0x8c, 0x9, 0x2, 0x94, 0x3, 0x5, 0x200, 0x10001, 0x5, 0x6, 0x7ff, 0x8, 0x8], "6a22d68f074e9cff7a914d8e54ca7cb90c6062a70f598bf8f0d745137822b9d33554cbf5e10006174d35d30749d590f6039f88197bff5565ada773a6c3276ec548817107cd46736499197ad46824ad3d44a5da5349bf127a27e5bf917f5ab1f7fd37b08d11eb077b65402a2b5207f3cce9025be3a000aa2cee457268ad705b129ed030aa1adeb8c7675bbcae3cc490a6af056afbbdb2e503223229a79d25c515faab5e41a2aaa7a50dc463515baf9a27adda889854a98feff6a141286ab69d6414eb97e184b7e17b487390d072902619e4fadce15f591c94bd686d8cddd748ef84ceee19c9c00681a134155956214b74748cfbd8510e917b9e85208541aca8fb190f9620e7232237451ca4b40f8dc0ca4fbbe256e8d0298cf03395b4bd2b4e02b4d17595673470447c3535be957231b8108fba1f0da5266082ef3f373f5797dcfb527475f8f6cba2f54c6ccd45860ad343b2c62a9cc8821f61cc6b67d4a15dc198244a01dd182036b7e451d3f31784891d1a4923596617f42750426fe48fc65fc68e088e149c6684504ff701e3130ac16768fe16f96c56748582efb8dd23cb2f8f193a70fd3d2461dc2a77bca5a77abd9247158cbe426eea1ae3e1615446f9e9474af711628228692a61616d8513d7d5607b11c5884221675c044c21a08bdf0fe220a70f0414fcffaa47134a55d0d752885408f20eaab7d1a7f9604340f516c107bbb281a6abec6055f90c2eb6cd7b24368a9387e183408c966f3a719d24889d80717eedeab5a893247a8fe76598305308f1d4e7f1485c20201d456a17377475c7eeee65586726e17443b8cb3efe10ee12731c3d72a9134ce9e2b6a4b7b1b575f61a42cd7839c8fdb1ae5bbf32515a6a21fbcc5a5b6910100efcf7caf6acebbadee90f2a24607d6429fa588b447586c9ff4ea8848d6a01142cc3f5ba2852d95342d970cc5c6dd1ef8d005757dd8b6010d46a6d833010b74c479bbcf716569f78f443d42678c6bdd42b450e34694812e2eca32d98120dae17ae9cca0edde02575a690262ca4410988c318b289e631328e144c1c65c1e9181e31d4efb0701be5d1fee795aa9cb64fc4950a4bbbf2db1cc49b9054072a359ae301962177e554319010cd6c173ec2ff89ff273fad02c43e6d975d53dd47074a66fb92076dbfad88b522f70b9ea7f8c9fd5536779c8b63ace802c3c63f74e9e3c56695c9fa78e7fa2afda993036195e059688d97c532787b0530d8702b9ea2c5b830476318ea81530e3b9790338fccad8c4543ba8d3c2765fc4998081dcf4ac10053683297e3dc52811b73c3a17b590cf76099903b4033251d0508030c95de8c33bcf9682cf93b4df9341f6b4b9b50466e30986fb00e9be0bc923e662e8c8fbae4256db4f3c32fa7d970f53142347891ff67a59ead22e8a18cdea5a71f99fab58f0bb3d190adb160c1a84ebd1aa2e64bf449a9909458ead87719147354ed0ba069a7776c9f01ebc5640e93a1b689539ec5456304a78abc29910c2193f559602a5b8d4c49e038e1d4208e3f6c57f24406f4ad0fdc5d3d970011092ae919485fc970f7b579b891a224b4a4b5446cea614939bf73c37fc7f30b30b590317487a12177c8a3ff35eaba15fc76aec65be04636ea33bf2fc8b11bd55b00107f827cececceaa8aaed2c4b19d2dea38fe6084f62c35430c347095f4ca65f538b0364a8ea5f5d9173d48ecf6a81b3748d57c465ddb3ee217b99b7d53a56ff40079c6b4ab60556b2863665cf955bea6a2688a8f0af4e4df7df9f96849f8a6281979bfac368dbec25c60c7fffb3be4664e71038c6be94390620baf1b0dc1342b16d2ed2a5a32929005a1a7ebf762cdbaed3aec1aabdfcbaeb6abd5e714ceb1073b2bb3c3386b4d610f71e187b032cf22324d373663e8ed743fd52f116b70e86caba42e400b6238c89cbf4d782269fef89fd585d098235f7b42716c93ae66c044f8bc6fa285454bcfe0eaa8d3f8831bfe22a77037862a219f085101f92828ad59c98c0e622bac327c3b2dee7639d0f7530baf277a45ea420421263935709aa0f0b077734a68bb92ca0d06ac578f1ec70e883b12cc2ae80e8371dd6fc168fbd8f3a773731f0b160c864630a41dd161e106853409936238a69825b59f8dc2f69f57aebf38d5500b484d1114dcd5bbcb141aecbaf418b92ded575397a1fa251841ec695b07e2199ea63cf98e04ea6807f65397616d3d71c9622a00b5af42cbb4f40b211cc77bd590053862a96e058fee3ea6397e5f2c5437d2f200bc94ca293d1075c951e731ebf2f4a045cf82e0712c183729c547148bfface259311837509a82126cf3c3917001cbd6e7e2735858127453e5ae46c3404b8aaed4877564fd8a903c911700d061e2b86ee8e88ae2ce48b7ecc6207f52681f5a4159986a86764ad9213c25f88643b6e1f87edab8dc5a253e55351d62d494a17a068d8ccea063c0d45740fdc2b3eda1b0b182a6c72ad7647187b90354ba55f54acbb50fe2bff22d62f18508b0f57f30e23146f87a512af0e0d7550f442e01854e548182aad09f20c14dca230483bdae0704949c8497a2404f8ac2e6a164be5881bdf5940c5790d8fbf7cd5e16199ec6348b8d6612a997895a9773acabd26fba6f82325c12b8fe36175820f92a95b912fa2f53c7bc8f050da35fe6cdde521b2e8356acf5eb90a2a5582e0916efa1471d90b183001c0f991e55704d580e6e713cb08281bcca88260a19b07e99717f2e8eac9920b60f2597cdadc28ac84d63b94f56f84418f9f552b7b56291f4608ab5a1e8f601a6108def754279f7c2f590aaa2312469eb6d66421b693612a4bfe819e0715bf13660c6247ebef6ffb03449de0f41b80283a0f05384bd3b14c7657f67887285f9a4851b8fe9806da0ac82f6dfc1350458802eebebcae0914fc85aacea94505c5b2eda39ee672e4988ddef2f6bcc3278e1045ded937b34f7fd3606ac7bcadec7ee99b2deb971de812bd6f17852455f5a402df4d59f37e00956ac82fbddb70781970e31cd84135003121411e3c3a76a4dc7f4c1e2a747fa0cbaedb0f8f0c16b7ce5b0df549798f9f0907754606baa4891673342e8c48e29768c14d4e4fe7675132bf0c25a7765b0532edec6c6b70081ad56b4803962a842771471fa3956adf09cc8c7f96a226beede27d809ec8a6183412719dd61277188af6dba53669276791807dd43c678b76f4fe558670033a38f45e3669a5e51b4bb500d0081952b977d2aa08c656e390a71845b941ace9fc1c9cb1e632bfc65690bbc939833c6acc1b9b4de105c88102a2015aeb29def4d659bdee92ace3dfac3bf6f474b90ddd11b7db41ea92f34520503eefb52f05ca2c59694d6d059a40b1b636489dccb71a93577a652ba7f1fc5800e36189ada83812c0c890441ded1ee45601b271797cf92caabffe94b8c6423f7d1bcf35b526e50727f6011f207702c938fc64ea691f327a035d6f87addda721e259d2337e6439e6df9a76f3ea9c0908ebdd04c59747fd9b12fd4741344854605072944f3c41668da049c91b3579b107b9af8f5177a51091b1306414429777f7ce2d5077b28c4a242f8fad5d2666ad09268ede856d8968ee03daffbf38b322bfe7645195b643be5818fc1429a82b825ee6d0278bc1ecf6f88b8ca712ef11a72a8e2037f8829dd69dde5239f4c769fa4796032ba6e9ab6cfbfc08c144af0f2bbb8b9be1f7b946fed12d48037be9982b8104017b660d258e4154b8f395cece88e8b8804110cd2ab33df39cf2780a56beaa6115dff7346c518d28868b7de7bcd381d8fe8f81646039bc4428d03473920df57efcff2f908ce392f396dfac3d0c0e10b14bb9d401fe43986fa7504ed4f7d1153277c49a533c4fba5ef90b6a10c2dd3e092d0e55d3d372643fff6c936f5eccc4112c117f4ebb4d7d356ea4c7108ef34096b2a704a77e6fb52ac7b3a842ded05a9f36eeadc5f263b185623eb972cddcf81e597ccae1d8f960f8d93647b2ceeda6e758ab71394bbe8d51e57883c05a42313cd94db82a8a930f3c9dfe44f8f198cfa584fbdd2eebb53e2f5ed01e312ef5713c9458b226ece5a5e04a4f2afa842a67708c6bfa111bf066a3c750d9d2cd28d2a949bacd02f7219aee069f3645851529a481c9d44d37f6ced9318e08409b6950abcc00f9c62942ab3b07192851c7590f78cd63488f4171e19796036337b8b25e346ea21e355ab94cfc4103e5368dcdc45709e9869b1c819b02d4c30830c15fd208940162429b5f0082ff3d29472fa7333fbb9e77c2dcf01d242e942569a18e39efd051c69633c27573467dc54e13482c4d0bad0023e9e863028a5f5175f9f0b2b4616a6d11ffd9434c0c6629457bc6c8d5231f1402ef741c6e401a6a80173f3e197ba7d7b2afc95ed72af0be0d71620be0cc3ab56d4b1c444f90b240dc60f966ed060cbe69791fe4bddcbbf684ee381c001b19c63b8fdae970e00977ee1d4411dbd222223dcf641962c7e0f8f5551c1fa2d0d57caa09ffad1785298e57fcbfa359dc8a4c6223c5c521033645623ad30f63d762eaa533153ea3fc4bb8377d82e49b6ac51c8f8e129f399b01fcfb5349b66fbfc4bf43c3ac0df5ffe6c2a3cf667654982aa6b14e4a8527f54cdd6eef6bb0e7e89b35de941877871e6d14e62aa17031cf3d02d7fc994445f46307b767a6fd36df0ff25389c6c60c52f2aad15c34097806dfaefe6772580a62c92459471f233a790bcd9951ba383c576676fc12a9cff5d378f2e77553a41bdad379b94ceb406a3aeaf693002d0ebd8be2113cf0c208be87c0d233ccf0371bf349051faccb889ddba3c2a0dd2aa556fc862eb451e646657cd60baf34f0c3c2b727cc36dbc42b7a87435b6dec5cc5fedb5ba153479658e8f088fff73d092c4b15da128fe0bc553855b9a9382761f523f121777467bc0f93bc8999c78ad90588f327464c61e4f3710754d6388ff4c6668a74d4ba2435e2f01a7cd7a6655e8a1495262c57c8e91b081e7c77dea81d13b6b5fd8d68c830177ce8d2515f214f438ea036bedc4f3a2a4d9507cc4449ee20da5957aab079c5db6bd8ed455d0cc6b307103829289f109b13518d7acb8ff2752cdd6af9e5a91917c73beb5e58f8624d376970ad96a355e97b845b4bcfe79287d2aff03d2b4786cb10cc01812a557590452b413034852d0f045b87e4bc2c3002c16b44beff106f8ffa0838c5c28a1076a1bd25cbaa7b2abb698480d8fb13516f13ed21b7d36619dd97126f060b373b33e0ff996922b543772523a5f63b138158cd0d66a6837947a95b35041322581c2fc1dfe7a655bc73bc1abd82c529927459e5826b15538073b0c5932982959c99578e57836a39d643d8c3c59716d19602761f3e137e19077c42e7825aee9ba47d3e26fcfb6fb83bc793eeefc38784645ff34fda687e3c5f23c58502b1874a66e917cbec4652fe0a20258b30982108f91acca2ede2ebf89f1565333e083eb916052a6a69aad9e9515a00f05261b9f2616ff95b948e66d8481387a8b8972348693bd87c45a7b7a4c244bdaa20be550ae12b81e337d6228c789ea515e40a865c3e743a658a9f9df60e4399f8f5d5d2177cc25cce182411ee544b109ee277684e5ec76d39f766eaf4cea674188218f2162835f8bfd310c669f4be020ee5f5e9c33b5a9d4c060286535f01e5750ef7b4f05d0d632c580e9c083c02e938e0b931fa2a6647011d4e91e127abee3818fe977ef2529832e9f8d6b1d03f2cc95cc59e53eac25d9be950a36ed56ca498a13b93060d99912f58747fc7744b6b507"}, 0x0, 0x7) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="1b00fcd6000000000000514357038008000c220000006a351913361995c600a8e13e52a6d71b51e151c2df6e02dc5c2570325d6ddb1b744a7926b2cc6c27e281e893bac04ee0b31a9385cb05076f7f1e26ea2c6bf95b4dffc5fd12e98a6076acb1802f8d5c6091b0147c2d7e3af136c0738ae2eb9385102181e529b6d4e64951255a98d84580838436309537eb4783bbe40e076c04dcd8050fb8", @ANYRES32=r1, @ANYBLOB="12000100898771f1c19f17790485908286dd000004000280"], 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 3.287784859s ago: executing program 0 (id=418): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x20000081) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6a) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x40000, 0x0) unshare$auto(0x40000080) poll$auto(0x0, 0x5, 0x108) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x2, 0x0, 0x28) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xee46}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.224463179s ago: executing program 4 (id=420): mmap$auto(0x0, 0x2020008, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x39b8) r2 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000180)='ns/uts\x00') ioctl$auto(0x3, 0xc0383e04, r2) 3.030481225s ago: executing program 4 (id=421): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) 2.937140249s ago: executing program 4 (id=422): r0 = ioctl$auto_TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)=0x5) fchdir$auto(r0) ioperm$auto(0xd44, 0x6, 0x8) (async) tkill$auto(0x80000000000001, 0x7) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mac80211_hwsim/hwsim0/net/wlan0/threaded\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000440)='0\x81=\"\xad\xfel\x15b`\xf1(\x19\xbf\xc2r\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=\xd8S\x1b\x8d\xb9l\xd0\xdf\xa4%0\x15\x13/\xca\a\xa4\xaf|\xb1O\x9c\xbd/c=\xd8]\x94S3\xeb\xed\x10/\x1e\xc9\xa5\x12\x8b\xc6\xf3\xb3-w\x0e\xads\x01\xe22\xd4\x85\xe2`\x13\x05\x01D\xba_\xa7\xe4|\xe9\x9c@\xf2\xe6H\x0e;h\xee\x8f\x99lBd\x95\xe4\x1d\xe3I8\xc0\\\xbc\xa3\x19\x00\x00\x00\x00\x00\x00\x00\x00\x8a\xb9+\xb9\"\xb7\\4h\x1a\xc4J\x11oJ7\xf5\\\xb6?\xca\xbd\xa0\x18M\xc3]K\xcc\xec\xd8\xf8A\xb2\b\xfc\xfd\x83r\x9aP\xecG.-7v\x14_:\xa1\xc1\x7f\x14Q\x10\xa5\x1dZ\xc4j\x05\'2\xa11g@\x17\xef{\x9b\xab\xb5tdMj.\xf2\x00'/238, 0xd4d1) (async, rerun: 64) dup2$auto(0x5, 0x4) (async, rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) futex$auto(0xfffffffffffffffc, 0xc, 0x7, 0xffffffffffffffff, 0xfffffffffffffffc, 0x8) (async) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) move_mount$auto(r0, &(0x7f0000000100)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00', 0x55) close_range$auto(0x2, 0x8, 0x0) (async) socket(0xa, 0x5, 0x0) (async) socket(0x2b, 0x1, 0x1) connect$auto(0x3, &(0x7f00000000c0), 0x55) (async) listen$auto(0x3, 0x81) (async) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="8b632abd7000fedbdf250a", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}}, 0x40000) (async, rerun: 32) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/snd/controlC2\x00', 0x80, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) (async) socketpair$auto(0x8001, 0x5, 0x5, 0x0) (async, rerun: 64) ioctl$auto(0x3, 0x4038ae7a, r4) (async, rerun: 64) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000000700)={{@raw=0x6, 0x4, 0x2, 0x5, "26cb83211ffd7f6567850e138dd717bfeb7ab5c55e35d9811b26db6e6f8c5d7d57cdda7ca056a2a31e5dfe27"}, 0x0, @integer=@value_ptr=0x0, "1cd4f43065c34bdcb5fa6160f24c5f3eb5328361438ff4cd82ad2e9771421debdad4d39a52fc70b9012aff448a8b4a75e7c5126dc116dd8f5751e93614151d5a4f55a63e9ba1ad1e6542796d2a1cd644b0d756001b66abab0c0fd3b4287befd247e5410bef4c186120b5bed4ab64ffeb4b7c5a69166021a8814332515a657e93"}) 2.748962954s ago: executing program 3 (id=424): socket(0x2, 0x801, 0x100) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5\x85\x91p\xe6\x1eRN8\x90\x86\xdde\x1cJ\x99\x00\x11\x89\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) r0 = fcntl$auto(0x3, 0x4, 0xa553) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x2, 0xa7a9, 0x16000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_null_fops_mem(0xffffffffffffff9c, &(0x7f00000000c0), 0x241, 0x0) read$auto_null_fops_mem(r1, &(0x7f0000000100)=""/98, 0x62) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x24c802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x56b583, 0x0) close_range$auto(0x2, 0x8, 0x2) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/pcm0p/sub4/sw_params\x00', 0xa000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x16) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x8081, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r3, 0x4c04, 0x0) close_range$auto(0x2, 0x8, 0x0) connect$auto(r0, &(0x7f00000001c0)=@in={0x2, 0x2, @multicast1}, 0x59) 2.610053224s ago: executing program 2 (id=426): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030009000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a000100aaaaaaaaaabb00000a0001000000000000000000080004001000000008000200", @ANYRES32=0x0, @ANYBLOB="0a0011"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="100028bd7000ffdbdf250001000008000b0002007f"], 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x8c1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1700", @ANYBLOB="7f"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/modules\x00', 0x40000, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_nlbl_mgmt(&(0x7f0000000380), r0) sendmsg$auto_NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, r1, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@NLBL_MGMT_A_DOMAIN={0x10, 0x1, '/dev/audio1\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) read$auto(0x3, 0x0, 0x7) 2.572552544s ago: executing program 0 (id=427): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x808840, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) (async) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8) (async) set_mempolicy$auto(0x4006, 0x0, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptywa\x00', 0x0, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) unshare$auto(0x40000080) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) 1.819419912s ago: executing program 2 (id=428): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'}) mlockall$auto(0x7) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0x2, 0x8000) mlock$auto(0x1000, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setfsgid$auto(0x9) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r2 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r2, 0x8953, 0x0) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) shmdt$auto(0x0) madvise$auto(0x0, 0x3, 0x15) getpid() mlockall$auto(0x800000000000005) msgctl$auto_MSG_STAT_ANY(0x2, 0xd, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40010) getsockopt$auto_SO_TIMESTAMP_OLD(r0, 0x4d88, 0x1d, &(0x7f0000000000)='bridge_slave_0\x00', &(0x7f0000000100)=0x2) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.586536553s ago: executing program 2 (id=429): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, 0x0, 0x55) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000005480)='/dev/snd/pcmC1D1p\x00', 0x62080, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_SW_PARAMS(r0, 0xc0884113, &(0x7f0000000000)={0x3, 0xfc0, 0x1d7b, 0x7, 0xf1, 0x4, 0x0, 0x7, 0x2, 0x2, 0x1, 0x10, "ab1b5ea54fdfba0671938af672a210483092d72b2c673dfc0c6603ca145eeedd6cf91f50702d6fdd90928c1b892859f3cde111607d44ceb5"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) pread64$auto(r2, 0x0, 0x4, 0x10) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) shutdown$auto(0x200000003, 0x2) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x69, 0x0, 0x6, 0x0, 0x1f, 0x1000}, 0x1}, 0x3, 0x20000000) select$auto(0x1, &(0x7f0000000080)={[0x2, 0x30000000000000, 0xdf, 0x0, 0xc, 0x0, 0x7, 0x27387617, 0x100000001, 0x400000002, 0x6, 0x2, 0x1, 0x7fffffffffffffff, 0x7, 0x4a3]}, &(0x7f0000000180)={[0x6, 0x4fe, 0xc1d, 0xc, 0x1, 0x4, 0x1, 0x0, 0xdbe, 0x4, 0x9582, 0x1, 0x40000005, 0x0, 0xffffffffffffffff, 0xffffffffffffffff]}, &(0x7f0000000200)={[0x77e5, 0x4, 0x7, 0x1ff, 0x8, 0x7, 0x10001, 0xc2, 0x8, 0xa3, 0x8000000000000000, 0x5, 0xeb1, 0x8000000000000000, 0x7f, 0x6b]}, &(0x7f0000000000)={0xfffffffffffffffe, 0x8000000000000001}) 1.483773237s ago: executing program 0 (id=430): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000100), 0x44000, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) read$auto(r0, 0x0, 0x80000000001f40) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) close_range$auto(0x2, r1, 0x200) socket(0x11, 0x3, 0x9) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) ioctl$auto(r2, 0x541c, 0xffffffffffffffff) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0xa2342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000180)) write$auto(r3, &(0x7f0000000080)='7\x00F\x80\xf9~\x03\xcb\x12\xfa\x00\x00\x00\x00\x00\x0e\v9\xb5j\x00\a\xc9\xe2W\xe0\xea\x10\xac\xd0\x97\x03\xc2.\x04\xf3+a\x1c\x05 \xfdr/D\xbf\x00^\x8e\x92\xaa\xe9\xbf\x90a\xb5\xc3\xafxB\x8c\xc1R:\xb5S9mq\xf2\x12z\xa2&\x9a\"\xc1\x13\xd5\n\xbf\xa95\xcc\x94\x9ak\xab\x03\xcc\xd3', 0x40000001) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), r4) gettid() sendmsg$auto_WG_CMD_SET_DEVICE(r4, &(0x7f00000028c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x841}, 0x80) 1.483655021s ago: executing program 4 (id=431): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) 1.08605882s ago: executing program 33 (id=431): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) 965.228999ms ago: executing program 2 (id=433): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x840000000002, 0x3, 0xff) r0 = socket(0x11, 0x80003, 0x300) futex$auto(0x0, 0x6, 0x6, 0x0, 0x0, 0x9) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) connect$auto(0x3, &(0x7f0000000040), 0x55) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) memfd_create$auto(0x0, 0x80000004) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="01"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x3}, 0x3, 0x0) 798.152972ms ago: executing program 2 (id=434): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) fadvise64$auto_POSIX_FADV_NOREUSE(r2, 0x8000000000000001, 0x3, 0x5) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x4000000) socket(0x10, 0x3, 0xa) select$auto(0xfffffffe, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futimesat$auto(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x6, 0x9}) ioperm$auto(0x7, 0x6, 0x2) unshare$auto(0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x40042, 0x180) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2) madvise$auto(0x0, 0x200007, 0x4) 531.419452ms ago: executing program 0 (id=435): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000540), 0xa0100, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) ioctl$auto_KVM_CREATE_VM(r0, 0x4140aecd, 0x0) 290.400899ms ago: executing program 0 (id=436): setreuid$auto(0x15, 0x5) shmctl$auto(0x0, 0xb, 0x0) 178.386678ms ago: executing program 2 (id=437): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x7) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x26, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) recvfrom$auto(0x3, 0x0, 0x8000000017, 0x10e, 0x0, 0xfffffffffffffffd) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/tracing/free_buffer\x00', 0x0, 0x0) setxattrat$auto(0xffffffffffffffff, 0x0, 0x84, 0x0, &(0x7f0000000280)={0x600000000000, 0x6, 0x4}, 0xaf) socket(0x2, 0x1, 0x106) write$auto(0x3, 0x0, 0xffd8) getpid() munmap$auto(0x0, 0xffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bind$auto(0x3, 0x0, 0x6a) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) sendfile$auto(r1, r1, 0x0, 0x4f64a1d2) read$auto(r0, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/tty1/power/autosuspend_delay_ms\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8001) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video6\x00', 0x80383, 0x0) ioctl$auto(r4, 0xc0045627, r4) mmap$auto(0x0, 0x4000000000010000, 0x4000000000db, 0x11, 0x2, 0x8000) read$auto(r3, 0x0, 0x20) mmap$auto(0x0, 0x3, 0xdf, 0x11, 0x2, 0x7ffe) open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x82842, 0x85) 136.000867ms ago: executing program 0 (id=438): socket(0x2, 0x801, 0x100) r0 = socket(0x10, 0x1, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0100df"], 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x84) bind$auto(0x3, &(0x7f0000000040)=@llc={0x1a, 0x310, 0x9, 0x7, 0xf3, 0x9}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r2 = gettid() rt_sigqueueinfo$auto(r2, 0x1, 0x0) syz_open_procfs$namespace(r2, 0x0) mq_notify$auto(r0, &(0x7f0000000000)={@sival_int=0x3, @raw=0x2, 0x5, @_tid=r2}) 0s ago: executing program 3 (id=439): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88282, 0x0) write$auto(r0, &(0x7f0000000180)='/sys/kernel/security/integrity/ima/policy\x00', 0x8) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x2081, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_STALL(r1, 0x550c, 0x5f) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) connect$auto(0xffffffffffffffff, 0x0, 0x54) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa00c0, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x6, 0x4) eventfd$auto(0x5d5d) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) r3 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pread64$auto(r3, 0x0, 0x8e1c, 0xe00) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) timer_create$auto(0x8, 0x0, 0x0) bind$auto(r3, &(0x7f0000000000)=@hci={0x1f, 0xffffffffffffffff, 0x3}, 0x3) timer_settime$auto(0x0, 0x9, &(0x7f00000000c0)={{0x7fff, 0x30d}, {0x7, 0x4}}, 0x0) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x9}}, 0x0) r4 = ioctl$auto_TUNGETVNETBE2(r2, 0x800454df, &(0x7f0000000040)=0xd29a) ioctl$auto_BTRFS_IOC_SEND(r4, 0x40489426, &(0x7f0000000100)={@inferred=r0, 0x0, &(0x7f0000000080)=0x10, 0x7, 0x6, 0x9, "6b513997d93b1a51bf95e9c77dd89de39b9356c02b3f938984eebbc8"}) rt_sigaction$auto(0xe, &(0x7f0000000580)={&(0x7f00000004c0)=0x0, 0x100000001, 0x0, {0x7}}, 0x0, 0x8) r5 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r6 = gettid() tkill$auto(r6, 0x7) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) mq_getsetattr$auto(r5, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts. [ 83.961778][ T5830] cgroup: Unknown subsys name 'net' [ 84.097706][ T5830] cgroup: Unknown subsys name 'cpuset' [ 84.107048][ T5830] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.833654][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.049081][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.056980][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.065985][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.086972][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.095521][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.103304][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.111259][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.111435][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.123468][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.127871][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.140703][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.148317][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.150043][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.165600][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.170346][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.187764][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.202305][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.212870][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.213424][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.230624][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.664601][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 88.728798][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 88.903713][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 88.966523][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.973751][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.981205][ T5839] bridge_slave_0: entered allmulticast mode [ 88.989475][ T5839] bridge_slave_0: entered promiscuous mode [ 89.014428][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 89.032004][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.039362][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.046621][ T5839] bridge_slave_1: entered allmulticast mode [ 89.053989][ T5839] bridge_slave_1: entered promiscuous mode [ 89.158428][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.202509][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.212348][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.220194][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.227555][ T5844] bridge_slave_0: entered allmulticast mode [ 89.235046][ T5844] bridge_slave_0: entered promiscuous mode [ 89.287157][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.296978][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.304272][ T5844] bridge_slave_1: entered allmulticast mode [ 89.311414][ T5844] bridge_slave_1: entered promiscuous mode [ 89.336188][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.343270][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.350667][ T5843] bridge_slave_0: entered allmulticast mode [ 89.358913][ T5843] bridge_slave_0: entered promiscuous mode [ 89.368624][ T5839] team0: Port device team_slave_0 added [ 89.398929][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.406269][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.413581][ T5843] bridge_slave_1: entered allmulticast mode [ 89.421060][ T5843] bridge_slave_1: entered promiscuous mode [ 89.429351][ T5839] team0: Port device team_slave_1 added [ 89.439039][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.488411][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.500142][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.507679][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.515493][ T5840] bridge_slave_0: entered allmulticast mode [ 89.522616][ T5840] bridge_slave_0: entered promiscuous mode [ 89.556198][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.563164][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.589199][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.617061][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.624365][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.631504][ T5840] bridge_slave_1: entered allmulticast mode [ 89.639602][ T5840] bridge_slave_1: entered promiscuous mode [ 89.648828][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.662854][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.673081][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.680061][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.706890][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.790233][ T5843] team0: Port device team_slave_0 added [ 89.799636][ T5844] team0: Port device team_slave_0 added [ 89.836165][ T5843] team0: Port device team_slave_1 added [ 89.844755][ T5844] team0: Port device team_slave_1 added [ 89.853185][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.872154][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.945987][ T5839] hsr_slave_0: entered promiscuous mode [ 89.952376][ T5839] hsr_slave_1: entered promiscuous mode [ 90.002196][ T5840] team0: Port device team_slave_0 added [ 90.010072][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.017928][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.044382][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.057409][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.064483][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.090877][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.102640][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.109807][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.136152][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.148730][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.156519][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.182811][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.196067][ T5840] team0: Port device team_slave_1 added [ 90.254741][ T5855] Bluetooth: hci0: command tx timeout [ 90.260512][ T5845] Bluetooth: hci3: command tx timeout [ 90.266663][ T5855] Bluetooth: hci1: command tx timeout [ 90.313056][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.320262][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.346579][ T5855] Bluetooth: hci2: command tx timeout [ 90.352343][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.395428][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.402407][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.428835][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.459438][ T5844] hsr_slave_0: entered promiscuous mode [ 90.466140][ T5844] hsr_slave_1: entered promiscuous mode [ 90.472274][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.480072][ T5844] Cannot create hsr debugfs directory [ 90.552294][ T5843] hsr_slave_0: entered promiscuous mode [ 90.559839][ T5843] hsr_slave_1: entered promiscuous mode [ 90.566549][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.574328][ T5843] Cannot create hsr debugfs directory [ 90.599185][ T5840] hsr_slave_0: entered promiscuous mode [ 90.605496][ T5840] hsr_slave_1: entered promiscuous mode [ 90.611520][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.619151][ T5840] Cannot create hsr debugfs directory [ 90.963471][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.016979][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.030371][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.048172][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.148217][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.165134][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.188624][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.210660][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.275831][ T5843] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.287457][ T5843] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.299194][ T5843] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.312874][ T5843] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.420376][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.438888][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.457513][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.473243][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.522622][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.576312][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.613150][ T150] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.620379][ T150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.630672][ T150] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.637962][ T150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.698537][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.767672][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.780547][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.832337][ T150] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.839763][ T150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.858241][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.898454][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.918793][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.925994][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.952419][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.010297][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.017588][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.028682][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.035978][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.049628][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.111969][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.119297][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.222215][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.229443][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.282654][ T5843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 92.343957][ T5855] Bluetooth: hci1: command tx timeout [ 92.349406][ T5855] Bluetooth: hci0: command tx timeout [ 92.349893][ T5845] Bluetooth: hci3: command tx timeout [ 92.417528][ T5845] Bluetooth: hci2: command tx timeout [ 92.603013][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.654732][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.781407][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.789467][ T5839] veth0_vlan: entered promiscuous mode [ 92.876146][ T5839] veth1_vlan: entered promiscuous mode [ 92.886248][ T5844] veth0_vlan: entered promiscuous mode [ 92.929635][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.940101][ T5844] veth1_vlan: entered promiscuous mode [ 92.956909][ T5843] veth0_vlan: entered promiscuous mode [ 92.981428][ T5839] veth0_macvtap: entered promiscuous mode [ 93.001563][ T5839] veth1_macvtap: entered promiscuous mode [ 93.012928][ T5843] veth1_vlan: entered promiscuous mode [ 93.079822][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.096639][ T5840] veth0_vlan: entered promiscuous mode [ 93.107054][ T5843] veth0_macvtap: entered promiscuous mode [ 93.122760][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.137931][ T5839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.147656][ T5839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.156727][ T5839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.165547][ T5839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.186081][ T5844] veth0_macvtap: entered promiscuous mode [ 93.196009][ T5840] veth1_vlan: entered promiscuous mode [ 93.222212][ T5844] veth1_macvtap: entered promiscuous mode [ 93.232635][ T5843] veth1_macvtap: entered promiscuous mode [ 93.288540][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.301283][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.313320][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.323537][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.336318][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.347207][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.357976][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.369194][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.398423][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.409019][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.421060][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.431925][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.443641][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.453518][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.465036][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.476745][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.512101][ T5843] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.522219][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.530966][ T5843] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.540192][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.547872][ T5843] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.556738][ T5843] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.585188][ T5840] veth0_macvtap: entered promiscuous mode [ 93.592798][ T5844] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.601582][ T5844] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.610815][ T5844] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.619810][ T5844] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.657187][ T5840] veth1_macvtap: entered promiscuous mode [ 93.663001][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.675776][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.782325][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.796060][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.807558][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.819480][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.829373][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.839867][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.851636][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.878592][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.894548][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.902397][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.918912][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.933241][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.943542][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.954800][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.964796][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.975360][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.986372][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.028811][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.044359][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.053102][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.080775][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.111171][ T150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.139152][ T150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.233062][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.242242][ T5908] syz.1.5 uses obsolete (PF_INET,SOCK_PACKET) [ 94.253684][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.323960][ T5845] Bluetooth: hci0: Malformed Event: 0x02 [ 94.338826][ T5910] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.356271][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.365578][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.415376][ T5855] Bluetooth: hci1: command tx timeout [ 94.420804][ T5850] Bluetooth: hci3: command tx timeout [ 94.426940][ T5845] Bluetooth: hci0: command tx timeout [ 94.495621][ T5845] Bluetooth: hci2: command tx timeout [ 94.541719][ T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.574066][ T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.600006][ T3496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.618592][ T3496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.624676][ T5911] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.931897][ T5914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 96.496462][ T5845] Bluetooth: hci0: command tx timeout [ 96.501964][ T5845] Bluetooth: hci1: command tx timeout [ 96.508061][ T5845] Bluetooth: hci3: command tx timeout [ 96.574630][ T5845] Bluetooth: hci2: command tx timeout syzkaller syzkaller login: [ 96.925480][ T9] cfg80211: failed to load regulatory.db [ 97.097438][ T5929] kexec: Could not allocate control_code_buffer [ 97.519547][ T5960] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 97.635790][ T5960] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 98.425021][ T5972] vivid-003: ================= START STATUS ================= [ 98.432838][ T5972] vivid-003: Radio HW Seek Mode: Bounded [ 98.453530][ T5972] vivid-003: Radio Programmable HW Seek: false [ 98.461685][ T5972] vivid-003: RDS Rx I/O Mode: Block I/O [ 98.482264][ T5972] vivid-003: Generate RBDS Instead of RDS: false [ 98.499722][ T5972] vivid-003: RDS Reception: true [ 98.532000][ T5972] vivid-003: RDS Program Type: 0 inactive [ 98.549701][ T5972] vivid-003: RDS PS Name: inactive [ 98.568000][ T5972] vivid-003: RDS Radio Text: inactive [ 98.603295][ T5972] vivid-003: RDS Traffic Announcement: false inactive [ 98.636991][ T5972] vivid-003: RDS Traffic Program: false inactive [ 98.643405][ T5972] vivid-003: RDS Music: false inactive [ 98.723862][ T5972] vivid-003: ================== END STATUS ================== [ 99.022293][ T5975] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'. [ 100.462158][ T5999] Zero length message leads to an empty skb [ 101.465421][ T6012] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 101.485397][ T6012] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 101.527158][ T6012] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 101.546918][ T6012] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 101.553290][ T6012] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 101.561720][ T6012] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 101.576738][ T6012] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 101.593056][ T6012] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 101.600689][ T6012] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 101.627337][ T6012] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 101.634003][ T6012] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 101.668498][ T6012] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 102.975353][ T6032] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 103.056199][ T6032] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 103.097853][ T6032] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 103.144807][ T6032] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 104.564014][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.572993][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.582850][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.591600][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.600398][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.609234][ T0] NOHZ tick-stop error: local softirq work is pending, handler #210!!! [ 104.814404][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 104.834278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.040639][ T6073] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.052838][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.133938][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 105.140120][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 105.217805][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 105.383400][ T6081] netlink: 334 bytes leftover after parsing attributes in process `syz.2.41'. [ 106.081120][ T5845] Bluetooth: hci1: unexpected subevent 0x01 length: 125 > 18 [ 106.089473][ T5845] Bluetooth: hci1: Invalid handle: 0x1e1a > 0x0eff [ 106.117740][ T6098] tipc: Started in network mode [ 106.122769][ T6098] tipc: Node identity ee00, cluster identity 4711 [ 106.129399][ T6098] tipc: Node number set to 60928 [ 106.894076][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.224248][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 107.230650][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 107.308826][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 108.974462][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 109.294219][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 109.300280][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 109.383395][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 109.509051][ T6144] netlink: 20 bytes leftover after parsing attributes in process `syz.2.53'. [ 110.320647][ T6155] netlink: 28 bytes leftover after parsing attributes in process `syz.1.55'. [ 110.416515][ T6155] veth1_macvtap: left promiscuous mode [ 111.264216][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.534107][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.279490][ T6217] nvme_fabrics: missing parameter 'transport=%s' [ 115.294138][ T6217] nvme_fabrics: missing parameter 'nqn=%s' [ 115.858448][ T6228] mkiss: ax0: crc mode is auto. [ 116.210518][ T6240] netlink: 8 bytes leftover after parsing attributes in process `syz.2.78'. [ 116.516197][ T6247] netlink: 'syz.3.77': attribute type 2 has an invalid length. [ 117.852912][ T6275] sp0: Synchronizing with TNC [ 117.906674][ T6275] : Can't lookup blockdev [ 117.951154][ T6283] netlink: 28 bytes leftover after parsing attributes in process `syz.0.84'. [ 118.528532][ T6286] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 120.249908][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.90'. [ 120.767594][ T6327] mmap: syz.3.92 (6327) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 122.629135][ T6366] netlink: 330 bytes leftover after parsing attributes in process `syz.3.105'. [ 122.687967][ T6366] tipc: Enabling of bearer rejected, media not registered [ 122.839505][ T6364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'. [ 123.299452][ T6378] could not allocate digest TFM handle [ 124.463051][ T6406] ceph: Failed to parse sending metrics switch value 'P^' [ 124.941398][ T6412] netlink: 8 bytes leftover after parsing attributes in process `syz.1.115'. [ 125.161696][ T6410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.116'. [ 125.616853][ T6425] FAULT_INJECTION: forcing a failure. [ 125.616853][ T6425] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 125.640279][ T6425] CPU: 0 UID: 0 PID: 6425 Comm: syz.0.120 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 125.640320][ T6425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 125.640338][ T6425] Call Trace: [ 125.640348][ T6425] [ 125.640363][ T6425] dump_stack_lvl+0x16c/0x1f0 [ 125.640414][ T6425] should_fail_ex+0x512/0x640 [ 125.640457][ T6425] should_fail_alloc_page+0xe7/0x130 [ 125.640502][ T6425] prepare_alloc_pages+0x3c2/0x610 [ 125.640544][ T6425] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 125.640593][ T6425] ? kasan_save_track+0x14/0x30 [ 125.640633][ T6425] ? __kasan_slab_alloc+0x89/0x90 [ 125.640682][ T6425] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 125.640726][ T6425] ? ptlock_alloc+0x1f/0x70 [ 125.640763][ T6425] ? pte_alloc_one+0x6d/0x380 [ 125.640799][ T6425] ? __pte_alloc+0x6d/0x3c0 [ 125.640825][ T6425] ? cgroup_rstat_updated+0x2a/0xb20 [ 125.640872][ T6425] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 125.640920][ T6425] ? weighted_interleave_nid+0x3e9/0x5a0 [ 125.640979][ T6425] ? __pfx_weighted_interleave_nid+0x10/0x10 [ 125.641031][ T6425] ? __lock_acquire+0x5ca/0x1ba0 [ 125.641083][ T6425] ? policy_nodemask+0xea/0x4e0 [ 125.641133][ T6425] alloc_pages_mpol+0x1fb/0x550 [ 125.641162][ T6425] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 125.641189][ T6425] ? __lock_acquire+0x5ca/0x1ba0 [ 125.641242][ T6425] folio_alloc_mpol_noprof+0x36/0x2f0 [ 125.641276][ T6425] vma_alloc_folio_noprof+0xed/0x1e0 [ 125.641308][ T6425] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 125.641351][ T6425] do_pte_missing+0x223d/0x3fb0 [ 125.641403][ T6425] __handle_mm_fault+0x103d/0x2a40 [ 125.641452][ T6425] ? __pfx___handle_mm_fault+0x10/0x10 [ 125.641488][ T6425] ? __pte_offset_map_lock+0x155/0x2f0 [ 125.641519][ T6425] ? find_held_lock+0x2b/0x80 [ 125.641554][ T6425] ? find_held_lock+0x2b/0x80 [ 125.641612][ T6425] handle_mm_fault+0x3fe/0xad0 [ 125.641674][ T6425] __get_user_pages+0x771/0x36f0 [ 125.641722][ T6425] ? __pfx_mt_find+0x10/0x10 [ 125.641769][ T6425] ? __pfx___get_user_pages+0x10/0x10 [ 125.641818][ T6425] populate_vma_page_range+0x278/0x3a0 [ 125.641854][ T6425] ? __pfx_populate_vma_page_range+0x10/0x10 [ 125.641892][ T6425] ? __pfx_find_vma_intersection+0x10/0x10 [ 125.641930][ T6425] ? do_mmap+0x69c/0x11b0 [ 125.641967][ T6425] __mm_populate+0x1d8/0x380 [ 125.642007][ T6425] ? __pfx___mm_populate+0x10/0x10 [ 125.642047][ T6425] ? up_write+0x1b2/0x520 [ 125.642081][ T6425] vm_mmap_pgoff+0x362/0x450 [ 125.642119][ T6425] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 125.642152][ T6425] ? do_set_mempolicy+0x220/0x480 [ 125.642184][ T6425] ? __x64_sys_futex+0x1e0/0x4c0 [ 125.642224][ T6425] ? __x64_sys_futex+0x1e9/0x4c0 [ 125.642268][ T6425] ksys_mmap_pgoff+0x7d/0x5c0 [ 125.642298][ T6425] ? rcu_is_watching+0x12/0xc0 [ 125.642331][ T6425] __x64_sys_mmap+0x125/0x190 [ 125.642365][ T6425] do_syscall_64+0xcd/0x260 [ 125.642407][ T6425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.642435][ T6425] RIP: 0033:0x7fc73338d169 [ 125.642457][ T6425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.642485][ T6425] RSP: 002b:00007fc734186038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 125.642510][ T6425] RAX: ffffffffffffffda RBX: 00007fc7335a5fa0 RCX: 00007fc73338d169 [ 125.642538][ T6425] RDX: 00000000000000df RSI: 0000000000400007 RDI: 0000000000000000 [ 125.642553][ T6425] RBP: 00007fc73340e990 R08: 0000000000000002 R09: 0000000000008000 [ 125.642585][ T6425] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 125.642601][ T6425] R13: 0000000000000000 R14: 00007fc7335a5fa0 R15: 00007ffcfa02a5c8 [ 125.642636][ T6425] [ 126.001650][ C0] vkms_vblank_simulate: vblank timer overrun [ 126.886140][ T6456] RDS: rds_bind could not find a transport for 7bc:c94c:4e37:70c4::, load rds_tcp or rds_rdma? [ 127.442597][ T6451] kexec: Could not allocate control_code_buffer [ 127.742282][ T6465] could not allocate digest TFM handle  [ 128.052134][ T6475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.129'. [ 128.826553][ T6494] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 130.286148][ T6526] dump_stack_lvl+0x16c/0x1f0 [ 130.286194][ T6526] should_fail_ex+0x512/0x640 [ 130.286226][ T6526] ? __kvmalloc_node_noprof+0x122/0x600 [ 130.286271][ T6526] should_failslab+0xc2/0x120 [ 130.286298][ T6526] __kvmalloc_node_noprof+0x135/0x600 [ 130.286338][ T6526] ? trace_kmalloc+0x2b/0xd0 [ 130.286365][ T6526] ? __kvmalloc_node_noprof+0x296/0x600 [ 130.286403][ T6526] ? io_alloc_cache_init+0x33/0x170 [ 130.286449][ T6526] ? io_alloc_cache_init+0x33/0x170 [ 130.286487][ T6526] io_alloc_cache_init+0x33/0x170 [ 130.286530][ T6526] io_rsrc_cache_init+0x26/0x50 [ 130.286563][ T6526] io_uring_setup+0x68b/0x2090 [ 130.286595][ T6526] ? __pfx_io_uring_setup+0x10/0x10 [ 130.286620][ T6526] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 130.286666][ T6526] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 130.286714][ T6526] ? __fget_files+0x20e/0x3c0 [ 130.286776][ T6526] ? ksys_write+0x1b9/0x240 [ 130.286812][ T6526] ? __pfx_ksys_write+0x10/0x10 [ 130.286846][ T6526] ? rcu_is_watching+0x12/0xc0 [ 130.286886][ T6526] __x64_sys_io_uring_setup+0xc2/0x170 [ 130.286915][ T6526] do_syscall_64+0xcd/0x260 [ 130.286954][ T6526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.286981][ T6526] RIP: 0033:0x7fe86798d169 [ 130.287002][ T6526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.287033][ T6526] RSP: 002b:00007fe8688a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 130.287057][ T6526] RAX: ffffffffffffffda RBX: 00007fe867ba5fa0 RCX: 00007fe86798d169 [ 130.287074][ T6526] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000004011 [ 130.287090][ T6526] RBP: 00007fe8688a8090 R08: 0000000000000000 R09: 0000000000000000 [ 130.287106][ T6526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 130.287121][ T6526] R13: 0000000000000000 R14: 00007fe867ba5fa0 R15: 00007fffb9676498 [ 130.287154][ T6526] [ 131.405063][ T6532] netlink: 8 bytes leftover after parsing attributes in process `syz.3.143'. [ 132.780913][ T6571] FAULT_INJECTION: forcing a failure. [ 132.780913][ T6571] name failslab, interval 1, probability 0, space 0, times 0 [ 132.826770][ T6571] CPU: 1 UID: 0 PID: 6571 Comm: syz.3.147 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 132.826812][ T6571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 132.826828][ T6571] Call Trace: [ 132.826836][ T6571] [ 132.826846][ T6571] dump_stack_lvl+0x16c/0x1f0 [ 132.826889][ T6571] should_fail_ex+0x512/0x640 [ 132.826919][ T6571] ? __kvmalloc_node_noprof+0x122/0x600 [ 132.826959][ T6571] should_failslab+0xc2/0x120 [ 132.826983][ T6571] __kvmalloc_node_noprof+0x135/0x600 [ 132.827019][ T6571] ? trace_kmalloc+0x2b/0xd0 [ 132.827043][ T6571] ? __kvmalloc_node_noprof+0x296/0x600 [ 132.827079][ T6571] ? io_alloc_cache_init+0x33/0x170 [ 132.827120][ T6571] ? io_alloc_cache_init+0x33/0x170 [ 132.827154][ T6571] io_alloc_cache_init+0x33/0x170 [ 132.827191][ T6571] io_rsrc_cache_init+0x26/0x50 [ 132.827221][ T6571] io_uring_setup+0x68b/0x2090 [ 132.827250][ T6571] ? __pfx_io_uring_setup+0x10/0x10 [ 132.827273][ T6571] ? do_futex+0x122/0x350 [ 132.827310][ T6571] ? __pfx_do_futex+0x10/0x10 [ 132.827343][ T6571] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 132.827402][ T6571] ? rcu_is_watching+0x12/0xc0 [ 132.827440][ T6571] __x64_sys_io_uring_setup+0xc2/0x170 [ 132.827469][ T6571] do_syscall_64+0xcd/0x260 [ 132.827509][ T6571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.827535][ T6571] RIP: 0033:0x7fe86798d169 [ 132.827556][ T6571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.827599][ T6571] RSP: 002b:00007fe8688a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 132.827624][ T6571] RAX: ffffffffffffffda RBX: 00007fe867ba5fa0 RCX: 00007fe86798d169 [ 132.827641][ T6571] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000004011 [ 132.827677][ T6571] RBP: 00007fe867a0e990 R08: 0000000000000000 R09: 0000000000000000 [ 132.827695][ T6571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.827712][ T6571] R13: 0000000000000000 R14: 00007fe867ba5fa0 R15: 00007fffb9676498 [ 132.827750][ T6571] [ 133.722844][ T6587] FAULT_INJECTION: forcing a failure. [ 133.722844][ T6587] name failslab, interval 1, probability 0, space 0, times 0 [ 133.843932][ T6587] CPU: 0 UID: 0 PID: 6587 Comm: syz.2.148 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 133.843977][ T6587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 133.843993][ T6587] Call Trace: [ 133.844003][ T6587] [ 133.844013][ T6587] dump_stack_lvl+0x16c/0x1f0 [ 133.844060][ T6587] should_fail_ex+0x512/0x640 [ 133.844092][ T6587] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 133.844139][ T6587] should_failslab+0xc2/0x120 [ 133.844165][ T6587] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 133.844209][ T6587] ? getname_flags.part.0+0x48/0x540 [ 133.844258][ T6587] getname_flags.part.0+0x48/0x540 [ 133.844292][ T6587] getname_flags+0x93/0xf0 [ 133.844328][ T6587] do_sys_openat2+0xb8/0x1d0 [ 133.844356][ T6587] ? __pfx_do_sys_openat2+0x10/0x10 [ 133.844388][ T6587] ? __fget_files+0x20e/0x3c0 [ 133.844434][ T6587] __x64_sys_openat+0x174/0x210 [ 133.844463][ T6587] ? __pfx___x64_sys_openat+0x10/0x10 [ 133.844490][ T6587] ? ksys_write+0x1b9/0x240 [ 133.844527][ T6587] ? rcu_is_watching+0x12/0xc0 [ 133.844569][ T6587] do_syscall_64+0xcd/0x260 [ 133.844611][ T6587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.844637][ T6587] RIP: 0033:0x7f3268d8d169 [ 133.844658][ T6587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.844683][ T6587] RSP: 002b:00007f3269b8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 133.844707][ T6587] RAX: ffffffffffffffda RBX: 00007f3268fa6080 RCX: 00007f3268d8d169 [ 133.844724][ T6587] RDX: 0000000000048140 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 133.844740][ T6587] RBP: 00007f3269b8c090 R08: 0000000000000000 R09: 0000000000000000 [ 133.844774][ T6587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.844790][ T6587] R13: 0000000000000000 R14: 00007f3268fa6080 R15: 00007ffcf32099a8 [ 133.844825][ T6587] [ 134.041287][ C0] vkms_vblank_simulate: vblank timer overrun [ 134.069565][ T6591] netlink: 8 bytes leftover after parsing attributes in process `syz.3.154'. [ 134.498466][ T6603] capability: warning: `syz.0.157' uses 32-bit capabilities (legacy support in use) [ 135.167489][ T6600] netlink: 12 bytes leftover after parsing attributes in process `syz.2.155'. [ 135.607691][ T6626] netlink: 326 bytes leftover after parsing attributes in process `syz.0.161'. [ 135.628022][ T6626] veth1_macvtap: left promiscuous mode [ 136.241922][ T6632] program syz.2.162 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 136.622586][ T6638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.165'. [ 137.188268][ T6651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.167'. [ 137.210229][ T6643] netlink: 36 bytes leftover after parsing attributes in process `syz.0.166'. [ 137.629463][ T6651] zswap: compressor not available [ 137.870065][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.876816][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.359649][ T6676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.174'. [ 138.433297][ T6682] warning: `syz.3.175' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 139.491267][ T6703] FAULT_INJECTION: forcing a failure. [ 139.491267][ T6703] name failslab, interval 1, probability 0, space 0, times 0 [ 139.508660][ T6703] CPU: 0 UID: 0 PID: 6703 Comm: syz.3.180 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 139.508700][ T6703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 139.508717][ T6703] Call Trace: [ 139.508727][ T6703] [ 139.508738][ T6703] dump_stack_lvl+0x16c/0x1f0 [ 139.508800][ T6703] should_fail_ex+0x512/0x640 [ 139.508835][ T6703] ? fs_reclaim_acquire+0xae/0x150 [ 139.508874][ T6703] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 139.508917][ T6703] should_failslab+0xc2/0x120 [ 139.508945][ T6703] __kmalloc_noprof+0xd2/0x510 [ 139.509000][ T6703] tomoyo_realpath_from_path+0xc2/0x6e0 [ 139.509047][ T6703] ? tomoyo_profile+0x47/0x60 [ 139.509097][ T6703] tomoyo_path_number_perm+0x245/0x580 [ 139.509131][ T6703] ? tomoyo_path_number_perm+0x237/0x580 [ 139.509167][ T6703] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 139.509199][ T6703] ? find_held_lock+0x2b/0x80 [ 139.509260][ T6703] ? find_held_lock+0x2b/0x80 [ 139.509290][ T6703] ? hook_file_ioctl_common+0x145/0x410 [ 139.509325][ T6703] ? __fget_files+0x20e/0x3c0 [ 139.509367][ T6703] security_file_ioctl+0x9b/0x240 [ 139.509400][ T6703] __x64_sys_ioctl+0xb7/0x200 [ 139.509433][ T6703] do_syscall_64+0xcd/0x260 [ 139.509472][ T6703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.509497][ T6703] RIP: 0033:0x7fe86798d169 [ 139.509515][ T6703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.509538][ T6703] RSP: 002b:00007fe8688a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 139.509560][ T6703] RAX: ffffffffffffffda RBX: 00007fe867ba5fa0 RCX: 00007fe86798d169 [ 139.509583][ T6703] RDX: 00002000000003c0 RSI: 00000000c0505405 RDI: 0000000000000007 [ 139.509598][ T6703] RBP: 00007fe8688a8090 R08: 0000000000000000 R09: 0000000000000000 [ 139.509612][ T6703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.509627][ T6703] R13: 0000000000000000 R14: 00007fe867ba5fa0 R15: 00007fffb9676498 [ 139.509658][ T6703] [ 139.509673][ T6703] ERROR: Out of memory at tomoyo_realpath_from_path. [ 140.438256][ T6721] netlink: 8 bytes leftover after parsing attributes in process `syz.3.185'. [ 141.854701][ T6759] sysfs_service_op_store: Client not running :-5: [ 142.853445][ T6781] FAULT_INJECTION: forcing a failure. [ 142.853445][ T6781] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 142.909136][ T6781] CPU: 0 UID: 0 PID: 6781 Comm: syz.3.195 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 142.909174][ T6781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 142.909199][ T6781] Call Trace: [ 142.909208][ T6781] [ 142.909229][ T6781] dump_stack_lvl+0x16c/0x1f0 [ 142.909273][ T6781] should_fail_ex+0x512/0x640 [ 142.909309][ T6781] _copy_to_user+0x32/0xd0 [ 142.909345][ T6781] simple_read_from_buffer+0xcb/0x170 [ 142.909384][ T6781] proc_fail_nth_read+0x197/0x270 [ 142.909422][ T6781] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 142.909462][ T6781] ? rw_verify_area+0xcf/0x680 [ 142.909493][ T6781] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 142.909531][ T6781] vfs_read+0x1de/0xc70 [ 142.909571][ T6781] ? __pfx___mutex_lock+0x10/0x10 [ 142.909609][ T6781] ? __pfx_vfs_read+0x10/0x10 [ 142.909655][ T6781] ? __fget_files+0x20e/0x3c0 [ 142.909704][ T6781] ksys_read+0x12a/0x240 [ 142.909739][ T6781] ? __pfx_ksys_read+0x10/0x10 [ 142.909772][ T6781] ? __do_sys_getpriority+0x18b/0xc30 [ 142.909836][ T6781] do_syscall_64+0xcd/0x260 [ 142.909880][ T6781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.909908][ T6781] RIP: 0033:0x7fe86798bb7c [ 142.909941][ T6781] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 142.909966][ T6781] RSP: 002b:00007fe8688a8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 142.910010][ T6781] RAX: ffffffffffffffda RBX: 00007fe867ba5fa0 RCX: 00007fe86798bb7c [ 142.910048][ T6781] RDX: 000000000000000f RSI: 00007fe8688a80a0 RDI: 0000000000000003 [ 142.910067][ T6781] RBP: 00007fe8688a8090 R08: 0000000000000000 R09: 0000000000000000 [ 142.910085][ T6781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.910102][ T6781] R13: 0000000000000000 R14: 00007fe867ba5fa0 R15: 00007fffb9676498 [ 142.910142][ T6781] [ 143.510529][ T6793] .SR: entered promiscuous mode [ 143.692534][ T6791] Invalid ELF header magic: != ELF [ 143.893446][ T6789] netlink: 36 bytes leftover after parsing attributes in process `syz.1.199'. [ 144.118376][ T6810] FAULT_INJECTION: forcing a failure. [ 144.118376][ T6810] name failslab, interval 1, probability 0, space 0, times 0 [ 144.118431][ T6810] CPU: 1 UID: 0 PID: 6810 Comm: syz.1.206 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 144.118470][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 144.118487][ T6810] Call Trace: [ 144.118496][ T6810] [ 144.118507][ T6810] dump_stack_lvl+0x16c/0x1f0 [ 144.118557][ T6810] should_fail_ex+0x512/0x640 [ 144.118592][ T6810] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 144.118647][ T6810] should_failslab+0xc2/0x120 [ 144.118673][ T6810] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 144.118716][ T6810] ? __kernfs_new_node+0xd2/0x8a0 [ 144.118764][ T6810] __kernfs_new_node+0xd2/0x8a0 [ 144.118824][ T6810] ? __pfx___kernfs_new_node+0x10/0x10 [ 144.118915][ T6810] ? find_held_lock+0x2b/0x80 [ 144.118953][ T6810] ? kernfs_root+0xee/0x2a0 [ 144.119005][ T6810] kernfs_new_node+0x13c/0x1e0 [ 144.119041][ T6810] __kernfs_create_file+0x53/0x350 [ 144.119082][ T6810] sysfs_add_file_mode_ns+0x207/0x3c0 [ 144.119135][ T6810] internal_create_group+0x578/0xf30 [ 144.119191][ T6810] ? __pfx_internal_create_group+0x10/0x10 [ 144.119245][ T6810] ? kernfs_create_link+0x1bd/0x240 [ 144.119288][ T6810] internal_create_groups+0x9d/0x150 [ 144.119338][ T6810] device_add+0x731/0x1a70 [ 144.119373][ T6810] ? __pfx_device_add+0x10/0x10 [ 144.119400][ T6810] ? __pfx___mutex_lock+0x10/0x10 [ 144.119445][ T6810] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 144.119484][ T6810] input_register_device+0x7e8/0x1130 [ 144.119534][ T6810] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 144.119572][ T6810] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 144.119616][ T6810] ? find_held_lock+0x2b/0x80 [ 144.119672][ T6810] ? __pfx_uinput_ioctl+0x10/0x10 [ 144.119705][ T6810] __x64_sys_ioctl+0x190/0x200 [ 144.119744][ T6810] do_syscall_64+0xcd/0x260 [ 144.119790][ T6810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.119819][ T6810] RIP: 0033:0x7f9e22b8d169 [ 144.119847][ T6810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.119872][ T6810] RSP: 002b:00007f9e2397b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 144.119896][ T6810] RAX: ffffffffffffffda RBX: 00007f9e22da5fa0 RCX: 00007f9e22b8d169 [ 144.119912][ T6810] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 144.119927][ T6810] RBP: 00007f9e22c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 144.119941][ T6810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.119956][ T6810] R13: 0000000000000000 R14: 00007f9e22da5fa0 R15: 00007fff83ff80c8 [ 144.119986][ T6810] [ 145.933191][ T6842] FAULT_INJECTION: forcing a failure. [ 145.933191][ T6842] name failslab, interval 1, probability 0, space 0, times 0 [ 145.958169][ T6842] CPU: 1 UID: 0 PID: 6842 Comm: syz.3.214 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 145.958212][ T6842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 145.958233][ T6842] Call Trace: [ 145.958244][ T6842] [ 145.958256][ T6842] dump_stack_lvl+0x16c/0x1f0 [ 145.958306][ T6842] should_fail_ex+0x512/0x640 [ 145.958342][ T6842] ? __kmalloc_noprof+0xbf/0x510 [ 145.958392][ T6842] ? event_inject_write+0x363/0x2030 [ 145.958428][ T6842] should_failslab+0xc2/0x120 [ 145.958456][ T6842] __kmalloc_noprof+0xd2/0x510 [ 145.958512][ T6842] event_inject_write+0x363/0x2030 [ 145.958550][ T6842] ? __pfx_aa_file_perm+0x10/0x10 [ 145.958598][ T6842] ? __lock_acquire+0xaa4/0x1ba0 [ 145.958650][ T6842] ? __pfx_event_inject_write+0x10/0x10 [ 145.958689][ T6842] ? iovec_from_user+0xbb/0x140 [ 145.958765][ T6842] ? __pfx_event_inject_write+0x10/0x10 [ 145.958803][ T6842] vfs_writev+0x6c4/0xdc0 [ 145.958855][ T6842] ? __pfx___mutex_trylock_common+0x10/0x10 [ 145.958894][ T6842] ? __pfx_vfs_writev+0x10/0x10 [ 145.958929][ T6842] ? __mutex_lock+0x1ca/0xb90 [ 145.958979][ T6842] ? __pfx___mutex_lock+0x10/0x10 [ 145.959034][ T6842] ? __fget_files+0x20e/0x3c0 [ 145.959072][ T6842] ? __fget_files+0x120/0x3c0 [ 145.959122][ T6842] ? do_writev+0x132/0x330 [ 145.959155][ T6842] do_writev+0x132/0x330 [ 145.959191][ T6842] ? __pfx_do_writev+0x10/0x10 [ 145.959224][ T6842] ? rcu_is_watching+0x12/0xc0 [ 145.959269][ T6842] do_syscall_64+0xcd/0x260 [ 145.959314][ T6842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.959342][ T6842] RIP: 0033:0x7fe86798d169 [ 145.959364][ T6842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.959390][ T6842] RSP: 002b:00007fe8688a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 145.959415][ T6842] RAX: ffffffffffffffda RBX: 00007fe867ba5fa0 RCX: 00007fe86798d169 [ 145.959434][ T6842] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000004 [ 145.959450][ T6842] RBP: 00007fe8688a8090 R08: 0000000000000000 R09: 0000000000000000 [ 145.959467][ T6842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.959483][ T6842] R13: 0000000000000000 R14: 00007fe867ba5fa0 R15: 00007fffb9676498 [ 145.959520][ T6842] [ 146.190158][ C1] vkms_vblank_simulate: vblank timer overrun [ 147.341900][ T6860] process 'syz.3.218' launched '/dev/fd/6' with NULL argv: empty string added [ 147.420953][ T6864] FAULT_INJECTION: forcing a failure. [ 147.420953][ T6864] name failslab, interval 1, probability 0, space 0, times 0 [ 147.421001][ T6864] CPU: 1 UID: 0 PID: 6864 Comm: syz.2.223 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 147.421037][ T6864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 147.421054][ T6864] Call Trace: [ 147.421064][ T6864] [ 147.421075][ T6864] dump_stack_lvl+0x16c/0x1f0 [ 147.421122][ T6864] should_fail_ex+0x512/0x640 [ 147.421157][ T6864] ? fs_reclaim_acquire+0xae/0x150 [ 147.421196][ T6864] ? tomoyo_encode2+0x100/0x3e0 [ 147.421235][ T6864] should_failslab+0xc2/0x120 [ 147.421263][ T6864] __kmalloc_noprof+0xd2/0x510 [ 147.421309][ T6864] ? d_absolute_path+0x136/0x1a0 [ 147.421361][ T6864] tomoyo_encode2+0x100/0x3e0 [ 147.421405][ T6864] tomoyo_encode+0x29/0x50 [ 147.421462][ T6864] tomoyo_realpath_from_path+0x18f/0x6e0 [ 147.421515][ T6864] tomoyo_path_number_perm+0x245/0x580 [ 147.421550][ T6864] ? tomoyo_path_number_perm+0x237/0x580 [ 147.421596][ T6864] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 147.421633][ T6864] ? find_held_lock+0x2b/0x80 [ 147.421706][ T6864] ? find_held_lock+0x2b/0x80 [ 147.421744][ T6864] ? hook_file_ioctl_common+0x145/0x410 [ 147.421786][ T6864] ? __fget_files+0x20e/0x3c0 [ 147.421834][ T6864] security_file_ioctl+0x9b/0x240 [ 147.421873][ T6864] __x64_sys_ioctl+0xb7/0x200 [ 147.421923][ T6864] do_syscall_64+0xcd/0x260 [ 147.421966][ T6864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.421995][ T6864] RIP: 0033:0x7f3268d8d169 [ 147.422017][ T6864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.422043][ T6864] RSP: 002b:00007f3269bad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 147.422069][ T6864] RAX: ffffffffffffffda RBX: 00007f3268fa5fa0 RCX: 00007f3268d8d169 [ 147.422086][ T6864] RDX: 0000200000000040 RSI: 0000000090009427 RDI: 0000000000000004 [ 147.422125][ T6864] RBP: 00007f3269bad090 R08: 0000000000000000 R09: 0000000000000000 [ 147.422142][ T6864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.422160][ T6864] R13: 0000000000000000 R14: 00007f3268fa5fa0 R15: 00007ffcf32099a8 [ 147.422198][ T6864] [ 147.422221][ T6864] ERROR: Out of memory at tomoyo_realpath_from_path. [ 147.695306][ T5850] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 147.719430][ T6867] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 155.294916][ T6982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.255'. [ 157.104947][ T7000] netlink: 8 bytes leftover after parsing attributes in process `syz.0.260'. [ 157.898582][ T6997] zswap: compressor not available [ 158.427831][ T7023] FAULT_INJECTION: forcing a failure. [ 158.427831][ T7023] name failslab, interval 1, probability 0, space 0, times 0 [ 158.466116][ T7023] CPU: 0 UID: 0 PID: 7023 Comm: syz.2.267 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 158.466159][ T7023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 158.466176][ T7023] Call Trace: [ 158.466186][ T7023] [ 158.466197][ T7023] dump_stack_lvl+0x16c/0x1f0 [ 158.466245][ T7023] should_fail_ex+0x512/0x640 [ 158.466277][ T7023] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 158.466327][ T7023] should_failslab+0xc2/0x120 [ 158.466355][ T7023] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 158.466400][ T7023] ? __d_alloc+0x31/0xaa0 [ 158.466431][ T7023] __d_alloc+0x31/0xaa0 [ 158.466455][ T7023] ? security_inode_alloc+0x3b/0x2b0 [ 158.466491][ T7023] d_alloc_pseudo+0x1c/0xc0 [ 158.466526][ T7023] alloc_file_pseudo+0xcf/0x230 [ 158.466560][ T7023] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 158.466603][ T7023] __anon_inode_getfile+0xf7/0x370 [ 158.466654][ T7023] io_uring_setup+0x1550/0x2090 [ 158.466687][ T7023] ? __pfx_io_uring_setup+0x10/0x10 [ 158.466732][ T7023] ? __pfx___might_resched+0x10/0x10 [ 158.466791][ T7023] ? rcu_is_watching+0x12/0xc0 [ 158.466835][ T7023] __x64_sys_io_uring_setup+0xc2/0x170 [ 158.466867][ T7023] do_syscall_64+0xcd/0x260 [ 158.466914][ T7023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.466943][ T7023] RIP: 0033:0x7f3268d8d169 [ 158.466964][ T7023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.466993][ T7023] RSP: 002b:00007f3269bad038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 158.467020][ T7023] RAX: ffffffffffffffda RBX: 00007f3268fa5fa0 RCX: 00007f3268d8d169 [ 158.467039][ T7023] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 158.467056][ T7023] RBP: 00007f3268e0e990 R08: 0000000000000000 R09: 0000000000000000 [ 158.467073][ T7023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.467090][ T7023] R13: 0000000000000000 R14: 00007f3268fa5fa0 R15: 00007ffcf32099a8 [ 158.467126][ T7023] [ 158.672414][ C0] vkms_vblank_simulate: vblank timer overrun [ 159.305620][ T7037] FAULT_INJECTION: forcing a failure. [ 159.305620][ T7037] name failslab, interval 1, probability 0, space 0, times 0 [ 159.378416][ T7037] CPU: 1 UID: 0 PID: 7037 Comm: syz.2.271 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 159.378459][ T7037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 159.378476][ T7037] Call Trace: [ 159.378485][ T7037] [ 159.378497][ T7037] dump_stack_lvl+0x16c/0x1f0 [ 159.378547][ T7037] should_fail_ex+0x512/0x640 [ 159.378582][ T7037] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 159.378630][ T7037] should_failslab+0xc2/0x120 [ 159.378659][ T7037] __kmalloc_cache_noprof+0x6a/0x3e0 [ 159.378703][ T7037] ? snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 159.378757][ T7037] ? kasan_save_track+0x14/0x30 [ 159.378819][ T7037] snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 159.378877][ T7037] ? rcu_is_watching+0x12/0xc0 [ 159.378917][ T7037] ? __mutex_lock+0x1ca/0xb90 [ 159.378962][ T7037] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 159.379013][ T7037] ? __pfx___mutex_lock+0x10/0x10 [ 159.379052][ T7037] ? __lock_acquire+0xaa4/0x1ba0 [ 159.379121][ T7037] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 159.379151][ T7037] snd_pcm_oss_set_trigger.isra.0+0x211/0x6b0 [ 159.379180][ T7037] ? lockdep_hardirqs_on+0x7c/0x110 [ 159.379224][ T7037] snd_pcm_oss_poll+0x549/0xaf0 [ 159.379249][ T7037] ? __pfx___pollwait+0x10/0x10 [ 159.379288][ T7037] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 159.379313][ T7037] ? __fget_files+0x20e/0x3c0 [ 159.379359][ T7037] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 159.379386][ T7037] do_select+0xd67/0x17d0 [ 159.379452][ T7037] ? __pfx_do_select+0x10/0x10 [ 159.379494][ T7037] ? __pfx___pollwait+0x10/0x10 [ 159.379537][ T7037] ? __pfx_pollwake+0x10/0x10 [ 159.379576][ T7037] ? __pfx_pollwake+0x10/0x10 [ 159.379616][ T7037] ? __pfx_pollwake+0x10/0x10 [ 159.379657][ T7037] ? __pfx_pollwake+0x10/0x10 [ 159.379697][ T7037] ? __pfx_pollwake+0x10/0x10 [ 159.379737][ T7037] ? __pfx_pollwake+0x10/0x10 [ 159.379799][ T7037] ? find_held_lock+0x2b/0x80 [ 159.379838][ T7037] ? __might_fault+0xe3/0x190 [ 159.379878][ T7037] ? __might_fault+0xe3/0x190 [ 159.379919][ T7037] ? __might_fault+0x13b/0x190 [ 159.379975][ T7037] ? core_sys_select+0x440/0xbe0 [ 159.380013][ T7037] core_sys_select+0x440/0xbe0 [ 159.380062][ T7037] ? __pfx_core_sys_select+0x10/0x10 [ 159.380110][ T7037] ? proc_fail_nth_write+0x9f/0x250 [ 159.380181][ T7037] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 159.380254][ T7037] kern_select+0x15d/0x1e0 [ 159.380297][ T7037] ? __pfx_kern_select+0x10/0x10 [ 159.380346][ T7037] ? __pfx_ksys_write+0x10/0x10 [ 159.380393][ T7037] __x64_sys_select+0xbd/0x160 [ 159.380437][ T7037] ? do_syscall_64+0x91/0x260 [ 159.380480][ T7037] ? lockdep_hardirqs_on+0x7c/0x110 [ 159.380522][ T7037] do_syscall_64+0xcd/0x260 [ 159.380569][ T7037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.380600][ T7037] RIP: 0033:0x7f3268d8d169 [ 159.380623][ T7037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.380651][ T7037] RSP: 002b:00007f3269b8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 159.380679][ T7037] RAX: ffffffffffffffda RBX: 00007f3268fa6080 RCX: 00007f3268d8d169 [ 159.380698][ T7037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 159.380715][ T7037] RBP: 00007f3269b8c090 R08: 0000000000000000 R09: 0000000000000000 [ 159.380733][ T7037] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 159.380751][ T7037] R13: 0000000000000001 R14: 00007f3268fa6080 R15: 00007ffcf32099a8 [ 159.380789][ T7037] [ 160.514727][ T7041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.272'. [ 163.061080][ T7069] netlink: 330 bytes leftover after parsing attributes in process `syz.0.278'. [ 163.270932][ T7072] tipc: Enabling of bearer rejected, media not registered [ 164.657895][ T7085] netlink: 8 bytes leftover after parsing attributes in process `syz.2.283'. [ 165.142117][ T5850] Bluetooth: hci1: Malformed Event: 0x02 [ 165.544077][ T7090] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 166.359920][ T7108] sp0: Synchronizing with TNC [ 166.424846][ T7108] : Can't lookup blockdev [ 167.939146][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 167.948505][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 167.959659][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 167.969490][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 167.978072][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 168.153425][ T7120] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 169.529471][ T7123] chnl_net:caif_netlink_parms(): no params data found [ 169.961527][ T7123] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.972664][ T7123] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.991310][ T7123] bridge_slave_0: entered allmulticast mode [ 169.999394][ T7123] bridge_slave_0: entered promiscuous mode [ 170.024159][ T7123] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.047853][ T7123] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.058179][ T7123] bridge_slave_1: entered allmulticast mode [ 170.079346][ T7123] bridge_slave_1: entered promiscuous mode [ 170.094767][ T5850] Bluetooth: hci4: command tx timeout [ 170.277031][ T7123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.319729][ T7123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.845784][ T7123] team0: Port device team_slave_0 added [ 170.904068][ T7123] team0: Port device team_slave_1 added [ 171.123158][ T7158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.295'. [ 171.166320][ T7123] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 171.204068][ T7123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.311743][ T7123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 171.402357][ T7171] netlink: 28 bytes leftover after parsing attributes in process `syz.0.296'. [ 171.426039][ T7123] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 171.447893][ T7123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.523947][ T7123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 171.917778][ T7123] hsr_slave_0: entered promiscuous mode [ 171.951798][ T7123] hsr_slave_1: entered promiscuous mode [ 171.971596][ T7123] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 171.992374][ T7123] Cannot create hsr debugfs directory [ 172.183947][ T5850] Bluetooth: hci4: command tx timeout [ 172.701118][ T7123] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 172.746183][ T7123] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 172.775851][ T7123] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 172.812151][ T7123] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 173.035482][ T7123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.103380][ T7123] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.119462][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.126647][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.146382][ T150] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.153610][ T150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.305089][ T150] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.469959][ T150] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.609293][ T7123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.740655][ T150] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.781316][ T7200] mkiss: ax0: crc mode is auto. [ 173.933132][ T150] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.203519][ T7215] netlink: 28 bytes leftover after parsing attributes in process `syz.3.306'. [ 174.234296][ T7215] veth1_macvtap: left promiscuous mode [ 174.253899][ T5850] Bluetooth: hci4: command tx timeout [ 174.465404][ T150] bridge_slave_1: left allmulticast mode [ 174.485898][ T7210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.305'. [ 174.491592][ T150] bridge_slave_1: left promiscuous mode [ 174.520722][ T150] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.619907][ T150] bridge_slave_0: left allmulticast mode [ 174.637272][ T150] bridge_slave_0: left promiscuous mode [ 174.643072][ T150] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.327127][ T7240] netlink: 8 bytes leftover after parsing attributes in process `syz.0.309'. [ 175.725182][ T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 175.771142][ T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 175.791739][ T150] bond0 (unregistering): Released all slaves [ 176.156197][ T7123] veth0_vlan: entered promiscuous mode [ 176.238088][ T7123] veth1_vlan: entered promiscuous mode [ 176.334653][ T5850] Bluetooth: hci4: command tx timeout [ 176.420286][ T150] hsr_slave_0: left promiscuous mode [ 176.431658][ T150] hsr_slave_1: left promiscuous mode [ 176.449790][ T150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.469932][ T150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 176.505753][ T150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 176.560124][ T150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 176.686074][ T150] veth0_macvtap: left promiscuous mode [ 176.693270][ T150] veth1_vlan: left promiscuous mode [ 176.700088][ T150] veth0_vlan: left promiscuous mode [ 177.408666][ T150] team0 (unregistering): Port device team_slave_1 removed [ 177.438315][ T150] team0 (unregistering): Port device team_slave_0 removed [ 177.950865][ T7123] veth0_macvtap: entered promiscuous mode [ 177.985127][ T7123] veth1_macvtap: entered promiscuous mode [ 178.106899][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.175970][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.211330][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.238297][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.258650][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.290167][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.327485][ T7123] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.414856][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.433185][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.463776][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.516941][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.536501][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 178.553802][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.565070][ T7123] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 178.611397][ T7123] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.620583][ T7123] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.629478][ T7123] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.638390][ T7123] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.919531][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.970564][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.045334][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.092044][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.479464][ T7319] netlink: 338 bytes leftover after parsing attributes in process `syz.4.290'. [ 179.520146][ T7324] netlink: 338 bytes leftover after parsing attributes in process `syz.4.290'. [ 179.569283][ T7319] netlink: 210 bytes leftover after parsing attributes in process `syz.4.290'. [ 179.974562][ T7322] netlink: 8 bytes leftover after parsing attributes in process `syz.2.319'. [ 182.088797][ T7389] netlink: 8 bytes leftover after parsing attributes in process `syz.3.332'. [ 182.519839][ T7401] netlink: 'syz.0.331': attribute type 2 has an invalid length. [ 182.682028][ T7400] netlink: 28 bytes leftover after parsing attributes in process `syz.2.333'. [ 183.068997][ T7407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.334'. [ 183.496762][ T7417] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 185.197204][ T7455] netlink: 8 bytes leftover after parsing attributes in process `syz.2.341'. [ 185.524192][ T7472] netlink: 'syz.4.343': attribute type 2 has an invalid length. [ 186.510210][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.3.346'. [ 188.321266][ T7550] netlink: 334 bytes leftover after parsing attributes in process `syz.4.356'. [ 189.227137][ T7566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.360'. [ 190.066741][ T7589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.371'. [ 190.395524][ T7602] vivid-003: ================= START STATUS ================= [ 190.423569][ T7602] vivid-003: Radio HW Seek Mode: Bounded [ 190.440395][ T7602] vivid-003: Radio Programmable HW Seek: false [ 190.455960][ T7602] vivid-003: RDS Rx I/O Mode: Block I/O [ 190.494262][ T7602] vivid-003: Generate RBDS Instead of RDS: false [ 190.500669][ T7602] vivid-003: RDS Reception: true [ 190.556061][ T7602] vivid-003: RDS Program Type: 0 inactive [ 190.561895][ T7602] vivid-003: RDS PS Name: inactive [ 190.616293][ T7602] vivid-003: RDS Radio Text: inactive [ 190.622473][ T7602] vivid-003: RDS Traffic Announcement: false inactive [ 190.684034][ T7602] vivid-003: RDS Traffic Program: false inactive [ 190.707512][ T7602] vivid-003: RDS Music: false inactive [ 190.755671][ T7602] vivid-003: ================== END STATUS ================== syzkaller syzkaller login: [ 193.692892][ T7638] kexec: Could not allocate control_code_buffer [ 196.334087][ T7686] netlink: 20 bytes leftover after parsing attributes in process `syz.0.377'. [ 196.780133][ T7708] vivid-003: ================= START STATUS ================= [ 196.823899][ T7708] vivid-003: Radio HW Seek Mode: Bounded [ 196.833644][ T7708] vivid-003: Radio Programmable HW Seek: false [ 196.840016][ T7708] vivid-003: RDS Rx I/O Mode: Block I/O [ 196.881027][ T7708] vivid-003: Generate RBDS Instead of RDS: false [ 196.901738][ T7708] vivid-003: RDS Reception: true [ 196.920268][ T7708] vivid-003: RDS Program Type: 0 inactive [ 196.930451][ T7708] vivid-003: RDS PS Name: inactive [ 196.951802][ T7708] vivid-003: RDS Radio Text: inactive [ 196.973973][ T7708] vivid-003: RDS Traffic Announcement: false inactive [ 196.980845][ T7708] vivid-003: RDS Traffic Program: false inactive [ 197.156818][ T7708] vivid-003: RDS Music: false inactive [ 197.182836][ T7708] vivid-003: ================== END STATUS ================== [ 197.270243][ T7714] nvme_fabrics: missing parameter 'transport=%s' [ 197.280357][ T7714] nvme_fabrics: missing parameter 'nqn=%s' [ 199.303177][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.311143][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.735262][ T7737] kexec: Could not allocate control_code_buffer [ 200.907731][ T7790] netlink: 40 bytes leftover after parsing attributes in process `syz.0.391'. [ 202.011036][ T7774] kexec: Could not allocate control_code_buffer [ 202.352801][ T7821] netlink: 8 bytes leftover after parsing attributes in process `syz.4.396'. [ 204.716322][ T7882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.407'. [ 206.822150][ T7948] netlink: 186 bytes leftover after parsing attributes in process `syz.0.418'. [ 207.372241][ T7968] netlink: 74 bytes leftover after parsing attributes in process `syz.2.426'. [ 207.390324][ T7968] netlink: 186 bytes leftover after parsing attributes in process `syz.2.426'. [ 208.036753][ T7967] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 208.043609][ T7967] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 208.050748][ T7967] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 208.073151][ T7967] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 209.144102][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 209.174971][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 209.184121][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 209.198858][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 209.214296][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 209.374043][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 209.659143][ T5903] [ 209.661516][ T5903] ====================================================== [ 209.668558][ T5903] WARNING: possible circular locking dependency detected [ 209.675599][ T5903] 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 Not tainted [ 209.682739][ T5903] ------------------------------------------------------ [ 209.689770][ T5903] kworker/1:4/5903 is trying to acquire lock: [ 209.695844][ T5903] ffffffff9012dae8 (rtnl_mutex){+.+.}-{4:4}, at: smc_vlan_by_tcpsk+0x251/0x620 [ 209.704838][ T5903] [ 209.704838][ T5903] but task is already holding lock: [ 209.712380][ T5903] ffff888020ff9958 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_connect_work+0x53a/0xae0 [ 209.721731][ T5903] [ 209.721731][ T5903] which lock already depends on the new lock. [ 209.721731][ T5903] [ 209.732133][ T5903] [ 209.732133][ T5903] the existing dependency chain (in reverse order) is: [ 209.741233][ T5903] [ 209.741233][ T5903] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 209.748924][ T5903] lock_sock_nested+0x41/0xf0 [ 209.754143][ T5903] sockopt_lock_sock+0x54/0x70 [ 209.759446][ T5903] do_ip_setsockopt+0xfe/0x3240 [ 209.764829][ T5903] ip_setsockopt+0x59/0xf0 [ 209.769780][ T5903] tcp_setsockopt+0xa4/0x100 [ 209.774906][ T5903] do_sock_setsockopt+0x221/0x470 [ 209.780475][ T5903] __sys_setsockopt+0x1a0/0x230 [ 209.785864][ T5903] __x64_sys_setsockopt+0xbd/0x160 [ 209.791518][ T5903] do_syscall_64+0xcd/0x260 [ 209.796576][ T5903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.803005][ T5903] [ 209.803005][ T5903] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 209.810235][ T5903] __lock_acquire+0x1173/0x1ba0 [ 209.815646][ T5903] lock_acquire+0x179/0x350 [ 209.820683][ T5903] __mutex_lock+0x199/0xb90 [ 209.825747][ T5903] smc_vlan_by_tcpsk+0x251/0x620 [ 209.831234][ T5903] __smc_connect+0x44b/0x4880 [ 209.836449][ T5903] smc_connect_work+0x54c/0xae0 [ 209.841848][ T5903] process_one_work+0x9cc/0x1b70 [ 209.847324][ T5903] worker_thread+0x6c8/0xf10 [ 209.852459][ T5903] kthread+0x3c2/0x780 [ 209.857062][ T5903] ret_from_fork+0x45/0x80 [ 209.862011][ T5903] ret_from_fork_asm+0x1a/0x30 [ 209.867322][ T5903] [ 209.867322][ T5903] other info that might help us debug this: [ 209.867322][ T5903] [ 209.877556][ T5903] Possible unsafe locking scenario: [ 209.877556][ T5903] [ 209.885007][ T5903] CPU0 CPU1 [ 209.890373][ T5903] ---- ---- [ 209.895741][ T5903] lock(sk_lock-AF_INET); [ 209.900184][ T5903] lock(rtnl_mutex); [ 209.906698][ T5903] lock(sk_lock-AF_INET); [ 209.913649][ T5903] lock(rtnl_mutex); [ 209.917668][ T5903] [ 209.917668][ T5903] *** DEADLOCK *** [ 209.917668][ T5903] [ 209.925812][ T5903] 3 locks held by kworker/1:4/5903: [ 209.931011][ T5903] #0: ffff8880317e9148 ((wq_completion)smc_hs_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 209.941751][ T5903] #1: ffffc900043efd18 ((work_completion)(&smc->connect_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 209.953535][ T5903] #2: ffff888020ff9958 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_connect_work+0x53a/0xae0 [ 209.963318][ T5903] [ 209.963318][ T5903] stack backtrace: [ 209.969211][ T5903] CPU: 1 UID: 0 PID: 5903 Comm: kworker/1:4 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) [ 209.969249][ T5903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 209.969268][ T5903] Workqueue: smc_hs_wq smc_connect_work [ 209.969299][ T5903] Call Trace: [ 209.969306][ T5903] [ 209.969324][ T5903] dump_stack_lvl+0x116/0x1f0 [ 209.969361][ T5903] print_circular_bug+0x275/0x350 [ 209.969400][ T5903] check_noncircular+0x14c/0x170 [ 209.969442][ T5903] __lock_acquire+0x1173/0x1ba0 [ 209.969488][ T5903] lock_acquire+0x179/0x350 [ 209.969508][ T5903] ? smc_vlan_by_tcpsk+0x251/0x620 [ 209.969545][ T5903] ? __pfx___might_resched+0x10/0x10 [ 209.969578][ T5903] ? kasan_save_stack+0x42/0x60 [ 209.969613][ T5903] ? kasan_save_stack+0x33/0x60 [ 209.969647][ T5903] ? kasan_save_track+0x14/0x30 [ 209.969683][ T5903] __mutex_lock+0x199/0xb90 [ 209.969718][ T5903] ? smc_vlan_by_tcpsk+0x251/0x620 [ 209.969750][ T5903] ? smc_vlan_by_tcpsk+0x251/0x620 [ 209.969782][ T5903] ? __pfx___mutex_lock+0x10/0x10 [ 209.969821][ T5903] ? find_held_lock+0x2b/0x80 [ 209.969854][ T5903] ? smc_vlan_by_tcpsk+0x251/0x620 [ 209.969884][ T5903] ? rtnl_lock+0x9/0x20 [ 209.969904][ T5903] smc_vlan_by_tcpsk+0x251/0x620 [ 209.969935][ T5903] ? __pfx_smc_vlan_by_tcpsk+0x10/0x10 [ 209.969971][ T5903] __smc_connect+0x44b/0x4880 [ 209.970003][ T5903] ? __pfx___smc_connect+0x10/0x10 [ 209.970031][ T5903] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 209.970062][ T5903] ? __local_bh_enable_ip+0xa4/0x120 [ 209.970096][ T5903] smc_connect_work+0x54c/0xae0 [ 209.970125][ T5903] ? __pfx_smc_connect_work+0x10/0x10 [ 209.970155][ T5903] ? rcu_is_watching+0x12/0xc0 [ 209.970188][ T5903] process_one_work+0x9cc/0x1b70 [ 209.970221][ T5903] ? __pfx_process_one_work+0x10/0x10 [ 209.970254][ T5903] ? assign_work+0x1a0/0x250 [ 209.970280][ T5903] worker_thread+0x6c8/0xf10 [ 209.970313][ T5903] ? __kthread_parkme+0x19e/0x250 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 209.970350][ T5903] ? __pfx_worker_thread+0x10/0x10 [ 209.970378][ T5903] kthread+0x3c2/0x780 [ 209.970402][ T5903] ? __pfx_kthread+0x10/0x10 [ 209.970424][ T5903] ? __pfx_kthread+0x10/0x10 [ 209.970447][ T5903] ? __pfx_kthread+0x10/0x10 [ 209.970469][ T5903] ? __pfx_kthread+0x10/0x10 [ 209.970492][ T5903] ? rcu_is_watching+0x12/0xc0 [ 209.970522][ T5903] ? __pfx_kthread+0x10/0x10 [ 209.970551][ T5903] ret_from_fork+0x45/0x80 [ 209.970576][ T5903] ? __pfx_kthread+0x10/0x10 [ 209.970600][ T5903] ret_from_fork_asm+0x1a/0x30 [ 209.970645][ T5903] [ 210.219584][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 210.226080][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 210.416997][ T7987] chnl_net:caif_netlink_parms(): no params data found